f0031f9d7f25d4d29581879f62565a5a565995899adc60213f9e218147c78593

Resubmissions

11-08-2024 12:28

240811-pngzlszalp 6

18-04-2024 10:53

240418-mzd1zscc4y 8

Analysis

max time kernel
1208s
max time network
1172s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
18-04-2024 10:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MuMuInstaller_3.1.7.0_gw-overseas12_all_1712735105.exe
Size

5.3MB
MD5

fbd9ad001bb2719f574c0705c5de05fb
SHA1

d07e77a490ad677935ac8213b88237e94440e791
SHA256

f0031f9d7f25d4d29581879f62565a5a565995899adc60213f9e218147c78593
SHA512

5724e3f858ae7ea92ba4ce325f3f8f4b90ecc6d7c19476e2888c4b09f0913463191b977f71314300918cceb0a6ae0b80e29d3c70891e8aeb9314da233a929e96
SSDEEP

98304:oeZOuRuvqAgef1ndGaX6tJJQv2FKA75OpVclc02vDRZTEB:1ZOPNdo3u0jc02vVZoB

Score

8^/10

persistence

Malware Config

Signatures

Creates new service(s) 1 TTPs
persistence

Windows Service
T1543.003
Downloads MZ/PE file

Enumerates connected drives 3 TTPs 1 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\F:	nemu-downloader.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\shortcut_tools.exe	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\Controls.2\designer\images\[email protected]	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\VAddressDevice.dll	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File opened for modification	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\Controls.2\designer\CheckBoxSpecifics.qml	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File opened for modification	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\rcc\RemoteResource.rcc	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\MuMuManager.exe	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\libexpat.dll	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\Controls.2\Material\CheckDelegate.qml	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMNetAdp6.cat	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File opened for modification	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\plugins\bearer\	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File opened for modification	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File opened for modification	C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMInstallHelper.dll	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File opened for modification	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\vaddress\0.0.92.0\	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File opened for modification	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\Controls.2\RoundButton.qml	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File opened for modification	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\Controls.2\SplitView.qml	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\Controls.2\Menu.qml	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\Controls.2\Fusion\ComboBox.qml	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\Controls.2\Fusion\ToolBar.qml	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMHeadless.exe	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File opened for modification	C:\Program Files\MuMuVMMVbox\Hypervisor\vaddress\0.0.94.0	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File opened for modification	C:\Program Files\MuMuVMMVbox\LoadedDrivers\MuMuVMMRT.dll	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\resources\qtwebengine_resources_200p.pak	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\resources\dist\message_center\src\js\lang-zh-Hant-json.27d41893.js	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMSharedClipboard.dll	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\plugins\scenegraph\qsgd3d12backend.dll	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\Controls.2\ActionGroup.qml	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\Controls.2\TextField.qml	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File opened for modification	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\Controls.2\designer\images\rangeslider-icon.png	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File opened for modification	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\Controls.2\designer\images\tumbler-icon.png	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File opened for modification	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\resources\dist\message_center\src\img\arrow.ab549871.svg	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\SUPInstall.exe	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File opened for modification	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\7z1602\x64\7za.exe	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQml\qmlplugin.dll	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\Controls.2\Imagine\DelayButton.qml	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File opened for modification	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\api-ms-win-core-libraryloader-l1-1-0.dll	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File opened for modification	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\resources\dist\message_center\src\css\system.119b6500.css	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\Controls.2\designer\images\frame-icon.png	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File opened for modification	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\mumuvmmvmmr0.cat	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File opened for modification	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQml\WorkerScript.2\plugins.qmltypes	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File opened for modification	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\resources\dist\	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File opened for modification	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\vcruntime140.dll	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File opened for modification	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\Controls.2\Material\SwipeView.qml	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\Controls.2\Material\Frame.qml	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\Controls.2\designer\CheckDelegateSpecifics.qml	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File opened for modification	C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMNetAdp.sys	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File opened for modification	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\Controls.2\Material\Menu.qml	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File opened for modification	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\Controls.2\Universal\DialogButtonBox.qml	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File opened for modification	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\api-ms-win-core-synch-l1-2-0.dll	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File opened for modification	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\LocalStorage\qmllocalstorageplugin.dll	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\NetAdp6Install.exe	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMProxyStub.dll	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File opened for modification	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\NetLwfInstall.exe	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File opened for modification	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\nemu-statistics.dll	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File opened for modification	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\Controls.2\designer\ControlSpecifics.qml	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File opened for modification	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\Controls.2\designer\images\[email protected]	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File opened for modification	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\MuMuPermission.exe	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File opened for modification	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\Qt\labs\qmlmodels\plugins.qmltypes	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File opened for modification	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\Window.2\	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File opened for modification	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\resources\dist\message_center\src\js\lang-ko-json.b14601aa.js	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\Controls.2\MenuSeparator.qml	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\resources\dist\message_center\src\js\app.698744ba.js	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\vms\vms\120.1.60.003-nemux-overseas-x64-release\ota.vdi	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File opened for modification	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMVMMR0.inf	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File opened for modification	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\Controls.2\Imagine\ComboBox.qml	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe

Executes dropped EXE 18 IoCs

pid	Process
2980	nemu-downloader.exe
1044	ColaBoxChecker.exe
4172	HyperVChecker.exe
2640	HyperVChecker.exe
3008	HyperVChecker.exe
696	MuMuDownloader.exe
4604	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
7784	MuMuVMMSVC.exe
4060	MuMuVMMSVC.exe
8156	SUPUninstall.exe
3124	SUPUninstall.exe
8636	SUPInstall.exe
3672	SUPUninstall.exe
7372	SUPUninstall.exe
4492	MuMuVMMSVC.exe
6624	MuMuVMMSVC.exe
764	SUPUninstall.exe
4236	SUPUninstall.exe

Launches sc.exe 16 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
6140	sc.exe
7436	sc.exe
8044	sc.exe
1176	sc.exe
5992	sc.exe
7880	sc.exe
1416	sc.exe
7808	sc.exe
4632	sc.exe
3268	sc.exe
800	sc.exe
7604	sc.exe
8716	sc.exe
4656	sc.exe
4936	sc.exe
6236	sc.exe

Loads dropped DLL 64 IoCs

pid	Process
4604	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4604	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4604	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4604	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4604	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4604	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4604	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4604	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4604	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4604	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4604	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4604	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4604	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4604	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4604	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4604	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4604	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4604	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4604	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4604	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4604	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4604	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4604	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4604	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4604	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4604	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4604	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4604	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4604	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4604	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4604	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4604	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4604	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4604	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4604	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4604	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4604	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4604	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4604	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4604	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4604	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4604	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4604	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4604	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4604	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4604	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4604	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4604	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4604	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4604	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4604	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4604	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4604	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4604	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4604	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4604	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4604	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4604	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4604	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4604	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4604	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4604	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4604	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4604	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe

Registers COM server for autorun 1 TTPs 27 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-8492748-3358837828-1435473090-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32\ThreadingModel = "Both"	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{208DF701-79C8-426C-814B-18828F6A0B61}\InProcServer32\ = "C:\\Program Files\\MuMuVMMVbox\\Hypervisor\\MuMuVMMProxyStub.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{85e56ead-33d4-410d-9130-2f2c0fb6a532}\InprocServer32\ = "C:\\Program Files\\MuMuVMMVbox\\Hypervisor\\MuMuVMMC.dll"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{208DF701-79C8-426C-814B-18828F6A0B61}\InProcServer32	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-8492748-3358837828-1435473090-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-8492748-3358837828-1435473090-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32\ = "C:\\Windows\\system32\\oleaut32.dll"	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{85e56ead-33d4-410d-9130-2f2c0fb6a532}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\Software\Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{b0fe7a06-cdc7-4ece-9c43-5dfd8bdd179c}\InprocServer32\ = "C:\\Program Files\\MuMuVMMVbox\\Hypervisor\\MuMuVMMC.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{208DF701-79C8-426C-814B-18828F6A0B61}\InProcServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23cd1535-edaa-4f21-a4ab-45d97fd1d58b}\LocalServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{b0fe7a06-cdc7-4ece-9c43-5dfd8bdd179c}\InprocServer32	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{b0fe7a06-cdc7-4ece-9c43-5dfd8bdd179c}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32\InprocServer32 = "C:\\Windows\\system32\\oleaut32.dll"	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-8492748-3358837828-1435473090-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32\InprocServer32 = "C:\\Windows\\system32\\oleaut32.dll"	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{85e56ead-33d4-410d-9130-2f2c0fb6a532}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{85e56ead-33d4-410d-9130-2f2c0fb6a532}\InprocServer32\ThreadingModel = "Free"	regsvr32.exe
Key created	\REGISTRY\MACHINE\Software\Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-8492748-3358837828-1435473090-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32\ThreadingModel = "Both"	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-8492748-3358837828-1435473090-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32\ = "C:\\Windows\\system32\\oleaut32.dll"	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-8492748-3358837828-1435473090-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32\InprocServer32 = "C:\\Windows\\system32\\oleaut32.dll"	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{208DF701-79C8-426C-814B-18828F6A0B61}\InProcServer32\ThreadingModel = "Both"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23cd1535-edaa-4f21-a4ab-45d97fd1d58b}\LocalServer32\ = "\"C:\\Program Files\\MuMuVMMVbox\\Hypervisor\\MuMuVMMSVC.exe\""	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32\InprocServer32 = "C:\\Windows\\system32\\oleaut32.dll"	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
Key created	\REGISTRY\USER\S-1-5-21-8492748-3358837828-1435473090-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{b0fe7a06-cdc7-4ece-9c43-5dfd8bdd179c}\InprocServer32\ThreadingModel = "Free"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23cd1535-edaa-4f21-a4ab-45d97fd1d58b}\LocalServer32	regsvr32.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133579113502997907"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C2ABC898-AAA2-46BB-AE9C-2312F3965DF8}	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AC2EA53E-7257-4888-8DC8-757EAA526074}	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EFF4BF3F-BE03-4047-9F32-A3C596EAA7CF}\ProxyStubClsid32	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{F1C529B1-9648-4DEC-A568-22C09BEAC347}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DD94B1B9-4E0A-4E29-9523-87773798D7FE}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{90ECF02C-9537-4672-8DC7-AEA8FFB1A6B2}\ = "IDHCPGroupCondition"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{548FB90A-8D83-4AF2-AD42-4E9BFED789C3}\ProxyStubClsid32	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\MuMuVMMSVC.exe	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{ED67B5C5-0278-415A-930C-E4AFC8579D2E}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3CAB8B70-7205-43BB-B947-4A2B5C45236D}\ProxyStubClsid32\ = "{208DF701-79C8-426C-814B-18828F6A0B61}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1485947C-ECDD-4C9D-AAA4-C0AE11EA0FCE}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0B4823E3-8012-47D1-A190-B463DFAC2EE0}\ProxyStubClsid32\ = "{208DF701-79C8-426C-814B-18828F6A0B61}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6734F6F5-1D20-4413-BD35-B97B11112581}\ProxyStubClsid32\ = "{208DF701-79C8-426C-814B-18828F6A0B61}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{b0fe7a06-cdc7-4ece-9c43-5dfd8bdd179c}\VersionIndependentProgID	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0DC2AEB7-E07E-4DD6-B4FD-E00406BE03EC}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1C7B7023-3926-4405-A8B6-1882413C9840}\ = "ISnapshotTakenEvent"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{88390768-0A21-4432-8C5D-C4B8BB79EED2}\ProxyStubClsid32	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{516FA0AA-EFEA-404F-8444-75DCA7CD41F1}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{897829BD-0F65-4FDA-BECC-86D05E0B5586}\1.3\HELPDIR	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{17227208-4E3E-446B-96E3-C332C981CD16}\ = "IRecordingSettings"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{90E49301-D830-4306-A1F3-BFC71FEEE221}\NumMethods\ = "13"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6401FA3B-7FAB-422B-B62D-4E1B447EC232}\ProxyStubClsid32	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23cd1535-edaa-4f21-a4ab-45d97fd1d58b}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6677AE5C-2EC7-4E19-82F9-2AB55F2A7748}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D859822B-FDC4-4E4E-81DB-ECB2184E1576}\ProxyStubClsid32\ = "{208DF701-79C8-426C-814B-18828F6A0B61}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{82FD70B7-6243-42C7-9E46-0B261CD0E1D1}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{85e56ead-33d4-410d-9130-2f2c0fb6a532}\InprocServer32	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{879831D9-86CB-4E5E-898C-DC35EC7FB029}\NumMethods	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B501BF7-5B6B-43EB-8B1A-CE8C341636C7}\NumMethods	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{17227208-4E3E-446B-96E3-C332C981CD16}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3CAB8B70-7205-43BB-B947-4A2B5C45236D}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B74BE542-BAC3-4E9A-9C95-AEE7BB97C874}\ProxyStubClsid32\ = "{208DF701-79C8-426C-814B-18828F6A0B61}"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A3C5E0A1-77F6-457F-BCC4-1DD00746FF38}	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{85e56ead-33d4-410d-9130-2f2c0fb6a532}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9DA7803E-B5F0-4BAC-9714-25C395CF3213}\ProxyStubClsid32\ = "{208DF701-79C8-426C-814B-18828F6A0B61}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{21BC3962-73A5-4843-B543-7B089C933E4D}\NumMethods	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8D026AD1-8158-4EBC-BDFB-AFCA7630BA9E}\NumMethods	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6554764E-37BE-4115-9BE8-57A82AE6CF7B}\ = "IEventSourceChangedEvent"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AC409D03-F389-4C80-8FC4-96D79962925B}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C0E2B1C1-F72B-4858-A2FE-62CC210436DF}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0B4823E3-8012-47D1-A190-B463DFAC2EE0}\ProxyStubClsid32	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D6290458-9FD3-4DCA-98D2-10B029000051}\NumMethods	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{90E27F9C-1118-4072-A239-726DF53FB10D}\NumMethods	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D6290458-9FD3-4DCA-98D2-10B029000051}\ = "ICloudProviderManager"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{55DC8136-A4B7-49F8-BD09-A4CF110B59A2}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E444782C-2209-4C85-800E-6E2417FBE8B5}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{07CB6B5F-29F6-4FE4-8816-AAAD4E7159FC}\ = "INetworkAdapter"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6734F6F5-1D20-4413-BD35-B97B11112581}\ = "IMachineStateChangedEvent"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DAA00610-81F0-4950-8C36-DA6EEB3A80D3}\NumMethods	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{90E27F9C-1118-4072-A239-726DF53FB10D}\ProxyStubClsid32	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{85e56ead-33d4-410d-9130-2f2c0fb6a532}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F4C95B43-1D05-48C8-84E0-24248D8BA206}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F4C95B43-1D05-48C8-84E0-24248D8BA206}\NumMethods	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0D5BD057-C27D-4C6B-A7EB-FE9077FF6A4E}\ProxyStubClsid32\ = "{208DF701-79C8-426C-814B-18828F6A0B61}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1F046C75-9336-4D11-A181-B93EE1F74E3B}\NumMethods	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{68D9184B-207E-4C3D-9BFF-F97B1504AEBE}\NumMethods	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C3C185E1-CBD4-4B4E-A6C4-0A3A7002540E}\ProxyStubClsid32\ = "{208DF701-79C8-426C-814B-18828F6A0B61}"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{897829BD-0F65-4FDA-BECC-86D05E0B5586}\1.3\0\win64	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F8762123-E360-4F64-B4AC-49A91CFC00BB}\ProxyStubClsid32	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{934A2FA4-FEA3-4ED3-925C-33DA81CA34FC}\NumMethods	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{85e56ead-33d4-410d-9130-2f2c0fb6a532}\ProgId	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{18AD67AF-1C7D-4629-9816-BE83B7E1E644}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F7D6F881-53C2-4245-9EDD-9E00742CC134}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F57E1537-1373-4413-BC68-5895E16702BE}	regsvr32.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 32 IoCs

pid	Process
2980	nemu-downloader.exe
2980	nemu-downloader.exe
2980	nemu-downloader.exe
2980	nemu-downloader.exe
2980	nemu-downloader.exe
2980	nemu-downloader.exe
5008	chrome.exe
5008	chrome.exe
2980	nemu-downloader.exe
2980	nemu-downloader.exe
4604	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4604	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4604	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4604	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4604	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4604	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4604	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4604	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4604	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4604	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4604	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4604	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4604	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4604	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4604	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4604	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4604	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4604	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4604	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4604	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
7804	chrome.exe
7804	chrome.exe

Suspicious behavior: LoadsDriver 7 IoCs

pid	Process
688	Process not Found
688	Process not Found
688	Process not Found
688	Process not Found
688	Process not Found
688	Process not Found
688	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

pid	Process
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
4604	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
7784	MuMuVMMSVC.exe
4060	MuMuVMMSVC.exe
4492	MuMuVMMSVC.exe
6624	MuMuVMMSVC.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4336 wrote to memory of 2980	4336	MuMuInstaller_3.1.7.0_gw-overseas12_all_1712735105.exe	80
PID 4336 wrote to memory of 2980	4336	MuMuInstaller_3.1.7.0_gw-overseas12_all_1712735105.exe	80
PID 4336 wrote to memory of 2980	4336	MuMuInstaller_3.1.7.0_gw-overseas12_all_1712735105.exe	80
PID 2980 wrote to memory of 1044	2980	nemu-downloader.exe	81
PID 2980 wrote to memory of 1044	2980	nemu-downloader.exe	81
PID 2980 wrote to memory of 1044	2980	nemu-downloader.exe	81
PID 2980 wrote to memory of 4172	2980	nemu-downloader.exe	86
PID 2980 wrote to memory of 4172	2980	nemu-downloader.exe	86
PID 2980 wrote to memory of 2640	2980	nemu-downloader.exe	88
PID 2980 wrote to memory of 2640	2980	nemu-downloader.exe	88
PID 2980 wrote to memory of 3008	2980	nemu-downloader.exe	90
PID 2980 wrote to memory of 3008	2980	nemu-downloader.exe	90
PID 2980 wrote to memory of 696	2980	nemu-downloader.exe	94
PID 2980 wrote to memory of 696	2980	nemu-downloader.exe	94
PID 2980 wrote to memory of 696	2980	nemu-downloader.exe	94
PID 5008 wrote to memory of 2540	5008	chrome.exe	97
PID 5008 wrote to memory of 2540	5008	chrome.exe	97
PID 5008 wrote to memory of 2112	5008	chrome.exe	98
PID 5008 wrote to memory of 2112	5008	chrome.exe	98
PID 5008 wrote to memory of 2112	5008	chrome.exe	98
PID 5008 wrote to memory of 2112	5008	chrome.exe	98
PID 5008 wrote to memory of 2112	5008	chrome.exe	98
PID 5008 wrote to memory of 2112	5008	chrome.exe	98
PID 5008 wrote to memory of 2112	5008	chrome.exe	98
PID 5008 wrote to memory of 2112	5008	chrome.exe	98
PID 5008 wrote to memory of 2112	5008	chrome.exe	98
PID 5008 wrote to memory of 2112	5008	chrome.exe	98
PID 5008 wrote to memory of 2112	5008	chrome.exe	98
PID 5008 wrote to memory of 2112	5008	chrome.exe	98
PID 5008 wrote to memory of 2112	5008	chrome.exe	98
PID 5008 wrote to memory of 2112	5008	chrome.exe	98
PID 5008 wrote to memory of 2112	5008	chrome.exe	98
PID 5008 wrote to memory of 2112	5008	chrome.exe	98
PID 5008 wrote to memory of 2112	5008	chrome.exe	98
PID 5008 wrote to memory of 2112	5008	chrome.exe	98
PID 5008 wrote to memory of 2112	5008	chrome.exe	98
PID 5008 wrote to memory of 2112	5008	chrome.exe	98
PID 5008 wrote to memory of 2112	5008	chrome.exe	98
PID 5008 wrote to memory of 2112	5008	chrome.exe	98
PID 5008 wrote to memory of 2112	5008	chrome.exe	98
PID 5008 wrote to memory of 2112	5008	chrome.exe	98
PID 5008 wrote to memory of 2112	5008	chrome.exe	98
PID 5008 wrote to memory of 2112	5008	chrome.exe	98
PID 5008 wrote to memory of 2112	5008	chrome.exe	98
PID 5008 wrote to memory of 2112	5008	chrome.exe	98
PID 5008 wrote to memory of 2112	5008	chrome.exe	98
PID 5008 wrote to memory of 2112	5008	chrome.exe	98
PID 5008 wrote to memory of 2112	5008	chrome.exe	98
PID 5008 wrote to memory of 2124	5008	chrome.exe	99
PID 5008 wrote to memory of 2124	5008	chrome.exe	99
PID 5008 wrote to memory of 3036	5008	chrome.exe	100
PID 5008 wrote to memory of 3036	5008	chrome.exe	100
PID 5008 wrote to memory of 3036	5008	chrome.exe	100
PID 5008 wrote to memory of 3036	5008	chrome.exe	100
PID 5008 wrote to memory of 3036	5008	chrome.exe	100
PID 5008 wrote to memory of 3036	5008	chrome.exe	100
PID 5008 wrote to memory of 3036	5008	chrome.exe	100
PID 5008 wrote to memory of 3036	5008	chrome.exe	100
PID 5008 wrote to memory of 3036	5008	chrome.exe	100
PID 5008 wrote to memory of 3036	5008	chrome.exe	100
PID 5008 wrote to memory of 3036	5008	chrome.exe	100
PID 5008 wrote to memory of 3036	5008	chrome.exe	100
PID 5008 wrote to memory of 3036	5008	chrome.exe	100
PID 5008 wrote to memory of 3036	5008	chrome.exe	100

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\MuMuInstaller_3.1.7.0_gw-overseas12_all_1712735105.exe
"C:\Users\Admin\AppData\Local\Temp\MuMuInstaller_3.1.7.0_gw-overseas12_all_1712735105.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4336
- C:\Users\Admin\AppData\Local\Temp\7z7A0990F0\nemu-downloader.exe
  C:\Users\Admin\AppData\Local\Temp\7z7A0990F0\nemu-downloader.exe
  2⤵
  - Enumerates connected drives
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2980
- - C:\Users\Admin\AppData\Local\Temp\7z7A0990F0\ColaBoxChecker.exe
    "C:\Users\Admin\AppData\Local\Temp\7z7A0990F0\ColaBoxChecker.exe" checker /baseboard
    3⤵
    - Executes dropped EXE
    PID:1044
- - C:\Users\Admin\AppData\Local\Temp\7z7A0990F0\HyperVChecker.exe
    "C:\Users\Admin\AppData\Local\Temp\7z7A0990F0\HyperVChecker.exe"
    3⤵
    - Executes dropped EXE
    PID:4172
- - C:\Users\Admin\AppData\Local\Temp\7z7A0990F0\HyperVChecker.exe
    "C:\Users\Admin\AppData\Local\Temp\7z7A0990F0\HyperVChecker.exe"
    3⤵
    - Executes dropped EXE
    PID:2640
- - C:\Users\Admin\AppData\Local\Temp\7z7A0990F0\HyperVChecker.exe
    "C:\Users\Admin\AppData\Local\Temp\7z7A0990F0\HyperVChecker.exe"
    3⤵
    - Executes dropped EXE
    PID:3008
- - C:\Users\Admin\AppData\Local\Temp\7z7A0990F0\MuMuDownloader.exe
    "C:\Users\Admin\AppData\Local\Temp\7z7A0990F0\MuMuDownloader.exe" --log="C:\Users\Admin\AppData\Local\Temp\nemu-downloader-aria.log" --log-level=notice --check-certificate=false --enable-rpc=true --rpc-listen-port=49806 --continue --max-concurrent-downloads=10 --max-connection-per-server=5 --async-dns=false --file-allocation=prealloc --enable-mmap=true --connect-timeout=5 --rpc-max-request-size=1024M --stop-with-process=2980
    3⤵
    - Executes dropped EXE
    PID:696
- - C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
    "C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe" /S /auto_start=false /fchannel=gw-overseas12 /D=C:\Program Files\Netease\MuMuPlayerGlobal-12.0
    3⤵
    - Drops file in Program Files directory
    - Executes dropped EXE
    - Loads dropped DLL
    - Registers COM server for autorun
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:4604
  - - C:\Windows\SysWOW64\sc.exe
      "C:\Windows\system32\sc.exe" query MuMuVMMDrv
      4⤵
      Launches sc.exe
      PID:7880
  - - C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMSVC.exe
      "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMSVC.exe" /UnregServer
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:7784
  - - C:\Windows\SysWOW64\regsvr32.exe
      "C:\Windows\system32\regsvr32.exe" /u /s "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMC.dll"
      4⤵
      PID:7828
    - - C:\Windows\system32\regsvr32.exe
        
        /u /s "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMC.dll"
        5⤵
        
        PID:7424
  - - C:\Windows\SysWOW64\regsvr32.exe
      "C:\Windows\system32\regsvr32.exe" /u /s "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMProxyStub.dll"
      4⤵
      PID:8432
    - - C:\Windows\system32\regsvr32.exe
        
        /u /s "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMProxyStub.dll"
        5⤵
        
        PID:9176
  - - C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMSVC.exe
      "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMSVC.exe" /RegServer
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4060
  - - C:\Windows\SysWOW64\regsvr32.exe
      "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMC.dll"
      4⤵
      PID:8708
    - - C:\Windows\system32\regsvr32.exe
        
        /s "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMC.dll"
        5⤵
        
        PID:8056
  - - C:\Windows\SysWOW64\regsvr32.exe
      "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMProxyStub.dll"
      4⤵
      PID:8084
    - - C:\Windows\system32\regsvr32.exe
        
        /s "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMProxyStub.dll"
        5⤵
        Registers COM server for autorun
        Modifies registry class
        
        PID:6260
  - - C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe
      "C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe"
      4⤵
      Executes dropped EXE
      PID:8156
  - - C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe
      "C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe"
      4⤵
      Executes dropped EXE
      PID:3124
  - - C:\Windows\SysWOW64\sc.exe
      "C:\Windows\system32\sc.exe" query MuMuVMMDrv
      4⤵
      Launches sc.exe
      PID:1416
  - - C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPInstall.exe
      "C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPInstall.exe"
      4⤵
      Executes dropped EXE
      PID:8636
  - - C:\Windows\SysWOW64\sc.exe
      "C:\Windows\system32\sc.exe" query MuMuVMMDrv
      4⤵
      Launches sc.exe
      PID:6140
  - - C:\Windows\SysWOW64\sc.exe
      "C:\Windows\system32\sc.exe" create MuMuVMMDrv binPath= "C:\Program Files\MuMuVMMVbox\LoadedDrivers\MuMuVMMDrv.sys" type= kernel start= auto
      4⤵
      Launches sc.exe
      PID:8716
  - - C:\Windows\SysWOW64\sc.exe
      "C:\Windows\system32\sc.exe" create MuMuVMMDrv binPath= "C:\Program Files\MuMuVMMVbox\LoadedDrivers\MuMuVMMDrv.sys" type= kernel start= auto
      4⤵
      Launches sc.exe
      PID:6236
  - - C:\Windows\SysWOW64\sc.exe
      "C:\Windows\system32\sc.exe" query MuMuVMMDrv
      4⤵
      Launches sc.exe
      PID:4656
  - - C:\Windows\SysWOW64\sc.exe
      "C:\Windows\system32\sc.exe" start MuMuVMMDrv
      4⤵
      Launches sc.exe
      PID:7436
  - - C:\Windows\SysWOW64\sc.exe
      "C:\Windows\system32\sc.exe" start MuMuVMMDrv
      4⤵
      Launches sc.exe
      PID:8044
  - - C:\Windows\SysWOW64\sc.exe
      "C:\Windows\system32\sc.exe" query MuMuVMMDrv
      4⤵
      Launches sc.exe
      PID:7808
  - - C:\Windows\SysWOW64\sc.exe
      "C:\Windows\system32\sc.exe" query MuMuVMMDrv
      4⤵
      Launches sc.exe
      PID:4632
  - - C:\Windows\SysWOW64\sc.exe
      "C:\Windows\system32\sc.exe" query MuMuVMMDrv
      4⤵
      Launches sc.exe
      PID:3268
  - - C:\Windows\SysWOW64\sc.exe
      "C:\Windows\system32\sc.exe" query MuMuVMMDrv
      4⤵
      Launches sc.exe
      PID:800
  - - C:\Windows\SysWOW64\sc.exe
      "C:\Windows\system32\sc.exe" query MuMuVMMDrv
      4⤵
      Launches sc.exe
      PID:1176
  - - C:\Windows\SysWOW64\sc.exe
      "C:\Windows\system32\sc.exe" query MuMuVMMDrv
      4⤵
      Launches sc.exe
      PID:5992
  - - C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe
      "C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe"
      4⤵
      Executes dropped EXE
      PID:3672
  - - C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe
      "C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe"
      4⤵
      Executes dropped EXE
      PID:7372
  - - C:\Windows\SysWOW64\sc.exe
      "C:\Windows\system32\sc.exe" query MuMuVMMDrv
      4⤵
      Launches sc.exe
      PID:4936
  - - C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMSVC.exe
      "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMSVC.exe" /UnregServer
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4492
  - - C:\Windows\SysWOW64\regsvr32.exe
      "C:\Windows\system32\regsvr32.exe" /u /s "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMC.dll"
      4⤵
      PID:3248
    - - C:\Windows\system32\regsvr32.exe
        
        /u /s "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMC.dll"
        5⤵
        
        PID:1408
  - - C:\Windows\SysWOW64\regsvr32.exe
      "C:\Windows\system32\regsvr32.exe" /u /s "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMProxyStub.dll"
      4⤵
      PID:8700
    - - C:\Windows\system32\regsvr32.exe
        
        /u /s "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMProxyStub.dll"
        5⤵
        Registers COM server for autorun
        Modifies registry class
        
        PID:712
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /c "comregister.cmd -u"
      4⤵
      PID:8452
    - - C:\Windows\SysWOW64\net.exe
        
        NET FILE
        5⤵
        
        PID:7508
      - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 FILE
        6⤵
        
        PID:7528
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cd
        5⤵
        
        PID:7664
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cd
        5⤵
        
        PID:9204
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ver
        5⤵
        
        PID:3700
    - - C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMSVC.exe
        
        "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMSVC.exe" /UnregServer
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:6624
    - - C:\Windows\SysWOW64\regsvr32.exe
        
        C:\Windows\system32\regsvr32 /s /u "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMC.dll"
        5⤵
        
        PID:6652
      - C:\Windows\system32\regsvr32.exe
        
        /s /u "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMC.dll"
        6⤵
        
        PID:7796
    - - C:\Windows\SysWOW64\regsvr32.exe
        
        C:\Windows\syswow64\regsvr32 /s /u "C:\Program Files\MuMuVMMVbox\Hypervisor\x86\MuMuVMMClient-x86.dll"
        5⤵
        
        PID:4800
    - - C:\Windows\SysWOW64\regsvr32.exe
        
        C:\Windows\system32\regsvr32 /s /u "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMProxyStub.dll"
        5⤵
        
        PID:8844
      - C:\Windows\system32\regsvr32.exe
        
        /s /u "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMProxyStub.dll"
        6⤵
        
        PID:3264
    - - C:\Windows\SysWOW64\regsvr32.exe
        
        C:\Windows\syswow64\regsvr32 /s /u "C:\Program Files\MuMuVMMVbox\Hypervisor\x86\MuMuVMMProxyStub-x86.dll"
        5⤵
        
        PID:7856
  - - C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe
      "C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe"
      4⤵
      Executes dropped EXE
      PID:764
  - - C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe
      "C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe"
      4⤵
      Executes dropped EXE
      PID:4236
  - - C:\Windows\SysWOW64\sc.exe
      "C:\Windows\system32\sc.exe" query MuMuVMMDrv
      4⤵
      Launches sc.exe
      PID:7604

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffede52ab58,0x7ffede52ab68,0x7ffede52ab78
  2⤵
  PID:2540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1508 --field-trial-handle=1820,i,1327504729305593516,10202229314317486683,131072 /prefetch:2
  2⤵
  PID:2112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=1820,i,1327504729305593516,10202229314317486683,131072 /prefetch:8
  2⤵
  PID:2124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2164 --field-trial-handle=1820,i,1327504729305593516,10202229314317486683,131072 /prefetch:8
  2⤵
  PID:3036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3024 --field-trial-handle=1820,i,1327504729305593516,10202229314317486683,131072 /prefetch:1
  2⤵
  PID:3984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3032 --field-trial-handle=1820,i,1327504729305593516,10202229314317486683,131072 /prefetch:1
  2⤵
  PID:416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4196 --field-trial-handle=1820,i,1327504729305593516,10202229314317486683,131072 /prefetch:1
  2⤵
  PID:3612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4328 --field-trial-handle=1820,i,1327504729305593516,10202229314317486683,131072 /prefetch:8
  2⤵
  PID:1004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4368 --field-trial-handle=1820,i,1327504729305593516,10202229314317486683,131072 /prefetch:8
  2⤵
  PID:5076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4812 --field-trial-handle=1820,i,1327504729305593516,10202229314317486683,131072 /prefetch:8
  2⤵
  PID:2608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4576 --field-trial-handle=1820,i,1327504729305593516,10202229314317486683,131072 /prefetch:8
  2⤵
  PID:4824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4632 --field-trial-handle=1820,i,1327504729305593516,10202229314317486683,131072 /prefetch:8
  2⤵
  PID:552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4836 --field-trial-handle=1820,i,1327504729305593516,10202229314317486683,131072 /prefetch:1
  2⤵
  PID:4968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=1596 --field-trial-handle=1820,i,1327504729305593516,10202229314317486683,131072 /prefetch:1
  2⤵
  PID:2144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4152 --field-trial-handle=1820,i,1327504729305593516,10202229314317486683,131072 /prefetch:1
  2⤵
  PID:4060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3920 --field-trial-handle=1820,i,1327504729305593516,10202229314317486683,131072 /prefetch:1
  2⤵
  PID:1380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3908 --field-trial-handle=1820,i,1327504729305593516,10202229314317486683,131072 /prefetch:1
  2⤵
  PID:880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4568 --field-trial-handle=1820,i,1327504729305593516,10202229314317486683,131072 /prefetch:8
  2⤵
  PID:968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4892 --field-trial-handle=1820,i,1327504729305593516,10202229314317486683,131072 /prefetch:8
  2⤵
  PID:2700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4900 --field-trial-handle=1820,i,1327504729305593516,10202229314317486683,131072 /prefetch:1
  2⤵
  PID:6592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5528 --field-trial-handle=1820,i,1327504729305593516,10202229314317486683,131072 /prefetch:1
  2⤵
  PID:7856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5008 --field-trial-handle=1820,i,1327504729305593516,10202229314317486683,131072 /prefetch:8
  2⤵
  PID:7944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5404 --field-trial-handle=1820,i,1327504729305593516,10202229314317486683,131072 /prefetch:1
  2⤵
  PID:5888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5892 --field-trial-handle=1820,i,1327504729305593516,10202229314317486683,131072 /prefetch:1
  2⤵
  PID:6196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6044 --field-trial-handle=1820,i,1327504729305593516,10202229314317486683,131072 /prefetch:8
  2⤵
  PID:6220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5764 --field-trial-handle=1820,i,1327504729305593516,10202229314317486683,131072 /prefetch:8
  2⤵
  PID:6228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5060 --field-trial-handle=1820,i,1327504729305593516,10202229314317486683,131072 /prefetch:1
  2⤵
  PID:8540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=4596 --field-trial-handle=1820,i,1327504729305593516,10202229314317486683,131072 /prefetch:1
  2⤵
  PID:8164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5864 --field-trial-handle=1820,i,1327504729305593516,10202229314317486683,131072 /prefetch:8
  2⤵
  PID:7808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=6020 --field-trial-handle=1820,i,1327504729305593516,10202229314317486683,131072 /prefetch:1
  2⤵
  PID:7904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=5832 --field-trial-handle=1820,i,1327504729305593516,10202229314317486683,131072 /prefetch:1
  2⤵
  PID:8696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5756 --field-trial-handle=1820,i,1327504729305593516,10202229314317486683,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:7804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5000 --field-trial-handle=1820,i,1327504729305593516,10202229314317486683,131072 /prefetch:8
  2⤵
  PID:4776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5780 --field-trial-handle=1820,i,1327504729305593516,10202229314317486683,131072 /prefetch:8
  2⤵
  PID:6708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=4112 --field-trial-handle=1820,i,1327504729305593516,10202229314317486683,131072 /prefetch:1
  2⤵
  PID:764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=4172 --field-trial-handle=1820,i,1327504729305593516,10202229314317486683,131072 /prefetch:1
  2⤵
  PID:4212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=5716 --field-trial-handle=1820,i,1327504729305593516,10202229314317486683,131072 /prefetch:1
  2⤵
  PID:2944

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4064

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004C8 0x00000000000004C0
1⤵
PID:7740

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMDD2.dll

Filesize
8.4MB

MD5
6fefd079dd81cb94834423426653e19b

SHA1
3d34874275480f30f8332c3d02ced07dfc78fede

SHA256
d8c3ca57a835272f29ada189c2c6425d513305d53042ccabed149dbccf828cf6

SHA512
3f6fff313816cb89f603012faaf93b7b6d080af70d8f82d1155530958bb16297a84ef23dc0f056d357ec28044a4866e09153e6335a5a3fe6acae3e619e328b22

Download Submit
C:\Program Files\MuMuVMMVbox\Hypervisor\VBoxEFI64.fd

Filesize
4.0MB

MD5
f3b0603c8f973d4499a90636da36d0a9

SHA1
5dadfcb99e34654a949ac99c5a3890745f05ed38

SHA256
cb8403e5c91cd13e3e02db796cc73721c947cfa68601b84bac6d5b7e30220a39

SHA512
6ca8a0bf358dcc22c329b9728968a8e0e01bcad9a30a1d462c22ad185245c6c1430233d781636734545586c9ab16281f5d3e95462c2f8749ed7fec8b964e15ed

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMAuth.dll

Filesize
19KB

MD5
419874bf64461f173a2dcde30a9d068a

SHA1
0cedd525d703e5cd680570d79476ae5600cae796

SHA256
fc8b92180b01e3c0579a8ade48fe5c98aed818de0f93de16565905fe90b3d092

SHA512
b5389d13e36424b6d205334bff0c82de657463258aa8cced5cb5b6dcbac6b16c81339c8254fbed77d1f49896c8ae76ed05a05b6afe224abc34dd99cf744ce882

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMAuthSimple.dll

Filesize
28KB

MD5
271baf8cbf8282a9310a5026c2f42d03

SHA1
cafccdd75c95d06c9d4849b7009351a9459ec7a7

SHA256
4e61790ff8ea8279a003c0427d86248dc74643ceef14dd0bc6543ed008b960aa

SHA512
9a9469920d86b75f1a95817e8c3bab4bd4d17d3240b5837d7777859a947c5a0e4a3987f1b0c91c4366ca970acdbe81288b9e2cc170202a972b8394d6c7667bd7

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMBalloonCtrl.exe

Filesize
144KB

MD5
8a7994be6ea941296b492252de59cc74

SHA1
c5f3ef41482961a89f5649fa3a229fd334f2d268

SHA256
865e6e5f38e3bcefd5d06c4591208f2d555af5294829a4cfff55299ca230dcbd

SHA512
9d20c3dc2582ed252dac46e323c31e019fa8d1e7b8c777596b0e512b57edf5c755112adad2d0e0db0ba8e733a07bc6b895ee024293b1045bb359fc0b0c70ddaf

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMC.dll

Filesize
2.9MB

MD5
3aec0d63173a168c3867dc4b7702fc63

SHA1
0393c5621e5f6f4e7e148d2dc97f7edd6dc78e5f

SHA256
5736d65e53f1663c72eae70f9446e2aad37493dd59007a105733afe34238f202

SHA512
9e7cdd8d07e60962ebf3138225cc7be9fdfaaa333928bd3faf64ec2804ec730dc4935a2ceb9a213ba2055b5e177987727444f733420e9a629e3478fe65f9d769

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMCAPI.dll

Filesize
32KB

MD5
b94fedd54cfe88c84112cc31805faa68

SHA1
d8467b384573ae86861ef8f6ea905fbd838ae2fd

SHA256
cbfca3fe8d0cee14707ead3bb781cfcdb71af1378054d09cbe5bf6f3c9259cf4

SHA512
9a08e44af9f8ff000253cb3c8e801286203a99610b76b76d254d9b7ea1868aff653d9f73475fad93d83e5a5096624a2e044505ba7ea779244cd4b00a7c367eb5

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMDD.dll

Filesize
1.7MB

MD5
7d2a12509733e35ad5852e97d34e2f98

SHA1
a0a3f1302d0b3b547b6f41b6f9f3b107a208c80e

SHA256
9697fefe8185831374cd8bcc7d0c41ec5cfe40d0ba8a48929cbf8d0fac1e6721

SHA512
6bc07d62d8a03b29f9eeb5113fb30a42d176f215cfc111303a904a9fb4ec2c61d2ca61db4cb2cab80c54736a857b2113b217cfcdc1c5dab740c2a098f135a5e2

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMDDR0.r0

Filesize
200KB

MD5
106dae22290adf78a229d6d3ced17d92

SHA1
816485b26e9624174fa4cecebdcbd0a46d38f8e6

SHA256
d6d4b05170c02ce95c536ae1a2cdd7d3b7a5b54aa14a2a4c4aeed599f92dbb32

SHA512
a2c870bbb13a1bc9c133e3613d84d108d8a5b940bf416f7c82398125f5661102e8a9f41c9e3aa7b4ac11d7bb9beca2d3c101139b962bb5d77a502f2bc9f16957

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMDDU.dll

Filesize
451KB

MD5
8498781afeeae6dbe42441472a43f9e1

SHA1
a45d908054e6777915c97c2a64a00fc384e302d6

SHA256
6d88fddd662a54924a979cdf1c3f072cbc3e2b12e3cf0a233009a78715435bf7

SHA512
78bf1e68eb7109d71cd28776b59d2b3f38024615942298d411b98486ed60bd01be2dfa9dab4734d54c4559f6affb348c1ec6fa82fa446b376e92241575b21597

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMDTrace.exe

Filesize
20KB

MD5
fbc3c4166043d110d30d388edf4b798d

SHA1
a330be676147deea2c8f96131ccf881880064b6d

SHA256
791c8d5f7c1e2db1d380ac284b784714e29037a245033058d15b285ab87504bd

SHA512
21f04df9d9ac65faac9d8f3a523ca20ecc4e5bb89e27e7db66501654e1b8d5e66119db0080077959ae41287541ef3764177c902e071a6a21325fd87d207e881d

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMDragAndDropSvc.dll

Filesize
45KB

MD5
371caf53098440e460fbd066ed7f7151

SHA1
4378dbb065a7a396d21746207e25f58863ca246d

SHA256
1e734e64d47242eb7ba4a6d128527cf5c7b4d32ad8640b5801921d579b626911

SHA512
01cb377c8d43647da58d089ae027d2f483606afd6686c4bd59e50a1b98bcd422ea833a3bc2cfdebc8f247c10ac3e4692f9ee887dc1fa2ea6de1596bc6077521e

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMDrv.cat

Filesize
11KB

MD5
4d215ca4b7e3cccedc021955f3d8e0dc

SHA1
34281419e17cec26a26a39d74408d80c3a7dce6e

SHA256
67635e38e615cc70f6f6754ecc2d7485914a73b80685e057590eb4f72c1b5441

SHA512
13cdc1f631fad080f4539a65a59d050c7e42fad545f3c190bee5a2ea1b3526df0790f3c8f423b73ca5ab3e71ccb40c603174ce31aee77d24702c77dee8ca1865

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMDrv.inf

Filesize
2KB

MD5
423a9e754c1d0067686b7dc1aeffa6b4

SHA1
a57450653e5d9c3126cebe754a1b7e4204044d06

SHA256
586128bd5dc9f67aa56f6b91d133e295c2a2cf3d3eab52672db8bba7cadf3ac2

SHA512
b31f468dfb55de5894962610b09218f49ad4be1148ea8aca9e5e3b5ca4592f0a0ce25d92464e9059e8b52354d3c7befed3db3e57428937b898a8eb492485b580

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMDrv.sys

Filesize
358KB

MD5
14e93c14b6d5d5d9db26275dfc987015

SHA1
0585447d1400fcd57b86280453915799de24c7c3

SHA256
cfb29a2e7e938f7f2ec0443d5cf25261468e54c616eb74272c43924bb32e806e

SHA512
41da4d14075c3b47c4228cf1ad964b7a943b59c8e851bd2c264d88e37a7a3f525c9ad15683e5b0f512854eb1088c1d398fef8217a7c420d239c5de12c940639e

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMGuestControlSvc.dll

Filesize
43KB

MD5
d0fe3592f2ca04d63045927a4befc420

SHA1
c831f6dbd84e13170a13a0c8506eca32f1bfd70a

SHA256
42812bbac82102947c8f09911ed612408b0d8d851339da493de021f15c488c58

SHA512
902b34937406d287b4453b78cdd4a2d4f92ff8cf526c03a58e7928d5e26afc5f1907f1d021168aa2f476db941b03dc18de36773d0939da910e922c8423c4e13f

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMGuestPropSvc.dll

Filesize
43KB

MD5
1a8e7698d6a8fe8bb8fbdc1bc03e5026

SHA1
43c16440a05bdba0bbeaa3dcf9c9e31563c75ef1

SHA256
c02694a3fe45084e7ef3749795b5fc3ed6f8515397ae78fc1a2ca5355457fce2

SHA512
7b46b522880dd5a60a7e41ecfbaf0a36c7e91ca8699147e151ab2d0b0c663f7598266e6bf8a6c35276ad61d2314419f214d13afc496f3b20cb21e0338306f547

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMHeadless.exe

Filesize
215KB

MD5
c1ed3cbf64043c49052768c658f081eb

SHA1
c809a1b955aaa13059f7a3c7a9ea70870c9cc217

SHA256
adc96ee91e917a7f5718a6a918327b3d081e289d097940c18da79d94036dbded

SHA512
947ed6e70046d99063788c56ab9b71ae6e144ba1929ec1910d02393acb132c5c4cd11304b4dfaace131f832770a06260d02c47b4aaba11e4666af30bf4ebfae3

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMHostChannel.dll

Filesize
27KB

MD5
a847a9e20ed786d5b5838adbd8d6cae8

SHA1
beff339b2df315764c14c1794b217dee62d669a3

SHA256
d7f250cd9f5066b37d48562d92a8315fb5e0b6512d205cedc1297772af0c86b4

SHA512
1446db9d00bd26f733b5fc0992343b4bcab8b7122bd3d36d1ea75835ea05eeee7c916c8a408150be8f52a60fdc33f882471dc408f05d3e2f43ca14234c047be8

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMInstallHelper.dll

Filesize
187KB

MD5
f4bbc0ff246a38ec930a455f995bd6f0

SHA1
4f44a3b8002245a8648784fc28a6ec54a0c20679

SHA256
1256e679cf2883bb44b4d4f6bfcc44cb332f3a802c396e787e2fbebe67a39dc1

SHA512
2bddea41502aaf6731e3e3c599190001fbb23604b952bd26dd67b9be7d5a3b17bbe85d1fdda42d78b103394f27c13710f7d49e3272606b2cda267fd31014635c

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMManage.exe

Filesize
1.3MB

MD5
a9e4af672f217ef535e9592f5dc971eb

SHA1
27670fb386427d240f91c8503b4f970cc1e6d078

SHA256
7d5b9212da761a3edc07a2ba5f1547f0662be06ae997465e8d5ccae28714e744

SHA512
2b48c4c52ff47d2373b5f3cfd5056595c3b7c7516e66eb3a8c40a5f5b20446fde9dd0440ea814c2817135b1e45a47d08e62539841803f2d1f7e9fbc52961fcd2

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMNetAdp.cat

Filesize
11KB

MD5
4c8e27b491df706887eedcf71be13759

SHA1
e5e11388cd871f54c8c5602deab7ef8392843064

SHA256
8d106e9f8e78d6890161ab12be359ca0e357ce6ad46d9bdc5d80af3448eb94f7

SHA512
e4ed33bd3adc12e62718d93e5d8c8c4fcb61079ff64d50df77014b6730ea2aac15fbca2abb664e19b84bc9d6bde5025a8f71274b7dd7f3e2e66ef07dd5ecc76f

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMNetAdp.inf

Filesize
3KB

MD5
92a337482c3995c561139ea8bd7c405b

SHA1
a164ab90cd6e1abedba0c54a96a450d94be4c93b

SHA256
898574b40ca3ab0ce278899e4e585d653eb5dc3a2ac7da57c904a0bf4b0cc014

SHA512
d46f8d7abdf445697303567845390b52a31f3c0e45e8aa357802e667bd4a0816555b3d841f19672adf69c2c31e3dd62e7e6d788d50d95172ac81f5781403a102

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMNetAdp.sys

Filesize
193KB

MD5
e38eaf43e944f9c03104283f105f5363

SHA1
166df8ae9d5e2d3039a5b9a96725c98e43c268c4

SHA256
e7c6793ec48fd075d74eed04933cd256720e4bc4609baa12eb201ef6c89b8108

SHA512
39170fa2c6649106202a45f4dba9800efe0c9e93035df7a59ded989f746cd2d1de971069ef6aae60d34dfbcc7c33b14756a619b430c0289c54439970cc454e7f

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMNetAdp6.cat

Filesize
11KB

MD5
5b06844dd324d3429d14220f8e03b100

SHA1
d3c29644571053595da3eb84543fb2965fde125a

SHA256
821841dbd1549bf444e8f5082da3feb75fee3f4feabf117b131058d252e5f68d

SHA512
a73a271ad633da89ffd112a9db387e9705edf30e03b18123abbc82671ea471c072be8a9ba81d1e4a7fd853138f64e265f1f01264a25b24a7118d7758b11d8db8

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMNetAdp6.inf

Filesize
3KB

MD5
a8cf4a14790dcc315d764fa481adb5ea

SHA1
98d562c329fdbbcae881a4ea7148e6b15544d753

SHA256
94bff036fd5caac9be2ce2b60695f5b881e06211d8fa3ac771a82974c6cbef79

SHA512
05e08c8293f9faff2cb65aa0b5172324ae0adc1c73469fef4c42ad252ca4ce068f564bdfffaf134f1f72f6671ed4acf27d44d0dae17f354ef1c9e6c7373e37b6

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMNetAdp6.sys

Filesize
226KB

MD5
4310bfff02dedf0d13d0b763300bdce2

SHA1
50aa2fbd794eba7a6018141eee510c139408d83f

SHA256
5150461b359ab6bd3be49edd77cd8ff429fb02d4e704155d794989f9b485aae9

SHA512
b181b835006ead6ddffe577a1089cef3b3f56475644433285d7274c6fd9e2bb4d2dd9e3bbced63a4e7778213aebeba5499ecb4aaf4dfc1751d895b862f4fa2f4

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMNetFlt.cat

Filesize
12KB

MD5
91bab7bfdb03f17ef945f26ba626fd47

SHA1
79d5b9f174562756ce4649148bf9ee4bd2829dad

SHA256
5fab6bfc10c7feb4ab015373ad1368a7b5e2391c3b971341481a995f72fc07cb

SHA512
e53cecbb9670ea918e1946419c40ef2fa3ebea1e067e66fc244a701721bdad108a102d6d7978d9741afc144d4a4540e1142f865ac9932709fe49b3e31419701d

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMNetFlt.inf

Filesize
3KB

MD5
e61b659c79361ee58dc58998e4cb6373

SHA1
d6e00c2002b23b7c4414319ebc435bbd404d3397

SHA256
1a15705f3aa1cbbf47c1b7fac1ea8a3e00e17958e6ad6b674be2bd7389a0dfbe

SHA512
6d7eec93f8dd10184707c2d0c343eca5caf9f0467bd7efc2b1e1bacd2b36389ebe062e3b8f6d5bea479f7fd0b1f27458923c6866cf6e322dd928473b1c72f669

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMNetFlt.sys

Filesize
205KB

MD5
0ac3c5231442f711d34748bc5d3144e3

SHA1
afcb04e915cbae553d82ae58d54c2531d144e395

SHA256
2457a0c4a3176277e7db80e406f1ddd46c669e01f3f741c6cf3403da31e2ad07

SHA512
7f94a88ceabd9ace0cd65cd49297b482f040ad31b5bbd34955b25f6aafce315cb6fac28fa0a1d61614d3eeae7cdf3bd63e4191d59f2d17267870294ad8a861fa

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMNetFltM.inf

Filesize
2KB

MD5
e87981c99ff763113ca116a3ad696027

SHA1
f8ad4145189c6afc08fbf5429a6da96aa1d34840

SHA256
4364c725e14a761776b123c92cc492c0404393cfa7960ffa173a54961774cdce

SHA512
4566c22c9c759cc5acd69846fc910760b68faf5aa4573d3f01c328d2bcd24d3cf735215682737752c22e3ebe11e6ff5e49ef8504fc72b1523bf995ac223cd8f5

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMNetFltNobj.dll

Filesize
1.1MB

MD5
a3ef245f632306e11a5b64a2b97c9829

SHA1
d7dc4179114dfe5250c90267b67d82f2beaa9bf4

SHA256
a8de4f22825c5e406efbe4fdfdf63dcc967337848aa5d6a952abacac52bfaf4e

SHA512
2ebfa77be8475c8f0e60f5bdfa05e74c321e95537bd2e41ae4cafa2d5098bce8d68a3873897d8e26c8ff7758dc8fa11b87cbf2366a92ffad7d918d863af45a40

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMNetLwf.cat

Filesize
11KB

MD5
e1712d82f582f98c3a0e78e0d4651c2c

SHA1
6dd1fdf141151ec19916cbb52b6489589bc8d584

SHA256
7ef2dd59e21ca4845a9e09fb64b827cbf6e438e13091fc48ec649ae5fa69fb52

SHA512
0c780fc05b95dea9d1f542e842481f3d18d153a87121ad4cf026d001c8520251641005df7b93c8f17a512cee28cca95afa9ca0ebfa66808e11e19c2ea18c04c5

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMNetLwf.inf

Filesize
3KB

MD5
eeb987061c0c9fe0d0dc49532bc1d3d5

SHA1
ce2a9f432e29a78ddfdd20806cb5724d9e056c58

SHA256
bf673efdb64b7e81069eca5b0c50dfb7e6dbb3bb3295f5d034089cd16b528fef

SHA512
8703585843a33021f4bec2bf674702ca7f48a2fb6f8961539e256212c628660ac75edbf2fe9dae37f3d9267d1ab9451ba0e756307d6133f0875fa4f3898c0803

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMNetLwf.sys

Filesize
236KB

MD5
6c000ac4c46fd78b6599f8e45cc0ce7f

SHA1
c1d7e2809834e62326af0a46cf78f14eaac9dd2e

SHA256
05adb854983e9da8821eff5e50cca5a59ad0fa501966c269bd6e937f29d971da

SHA512
9d590138e97f72307fcf431a273f5af80409c9f2eb848b86b889cd1bab4f6a154719588b85093f244ca912d256584b65d7440dec900aab1160f5cd478435eb68

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMProxyStub.dll

Filesize
937KB

MD5
7e75f6671b3cdfabf1e74dc6e0521bdf

SHA1
da28f119b7707053abd8fe157edd9d7345ce4c63

SHA256
08ccef96995cb4c22ce30c865515198366cb466bb2ef98fe6b36aab39c331170

SHA512
ff7f2121e381b710c276185e952957f922767e7e225e5a934997bee2c2dc3eab8ab4f8f275c090e9ab7f259879d64bc26b2fa5560d3ccbdf948d8de8e340d6f9

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMProxyStubLegacy.dll

Filesize
634KB

MD5
a24d7cffa168b8f4a742f80f4f4ddfa0

SHA1
885f8f3160e9b6d5b9cc959a1be91ad78c9f6adb

SHA256
8147c429192980729beab4393b5486520cebc2dcb6b95274d55a196e95d12dc9

SHA512
74350a8937c1c46295bfd7b5ef96902a65de3e2d3bfcd482ffc9ba57a2c82998eb1044df81430038278b753c4b2c47b9ba839031da94a4490769d83741877972

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMRT.dll

Filesize
6.5MB

MD5
63e8381bf53c0416252d1a014a0d928b

SHA1
c4db51db0436b544226398800d71273d03c9680a

SHA256
c0ab581ffc2859b29588b70b841d2a008674ed673a0e1717a855b41738269f60

SHA512
813852361f6d4841b9c9fe7df4bf03d57e227fcd73cdf3c1e9ecf72df3e3a2632e0f8f7fda1241836aaa91f72ea03c90cff1a95dffe944b6fc868e685e0a9c2c

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMRes.dll

Filesize
694KB

MD5
02efb4ef8c50a1d60c657dd19e870abc

SHA1
547069afe3dd59d709cefd8ddecc5bfd32798d7e

SHA256
5831c6fabdb5ff49e965c25184228c08c4c51ba3d5b6b7174ac051b752828687

SHA512
26d35adeed6e81aadfd2e14d81feaf3100939ebeb8ac8983cfadeca1a9b3669e320292286fb07cf89808a027a1286c1bcdc5e8c0f23c8a2c301c3fd7d2fb2114

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMSVC.exe

Filesize
5.4MB

MD5
672417b44224f7c1ef624de683755c71

SHA1
d83a5b6d903b7c24ee0a458caeb7c3db80e52fa5

SHA256
66a38209fac0f41ad3d6781169faa77c2e384620221c74fa569af278f427eeae

SHA512
9b5cd5fa4fac913a3c333106b7fc375b2fb1041c3ebd78961ee92c164d415fb5e6479ee33e559a7c869a49d1ad75d4e32ae956d7e127c31d06eeaf56cd1d5d2a

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMSVGA3D.dll

Filesize
216KB

MD5
3165c64b85d9d21a6ff2db42ff09f3ce

SHA1
16e35150c56d9bb9338563662e0185ae76930c18

SHA256
aaaf64798fbbe4cc7362cd3cb4d1aaa55400ae60f406799800415fb36c8367d2

SHA512
1b29c47798f29062cab911a108e289a492d61dbcd019fbd42b7825ccf7720809d0b4f60e29a3bf60595e9b808154a6f61e4b7010174f770b7e208da86799146f

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMSharedClipboard.dll

Filesize
57KB

MD5
e9f78eeed4800371f7661e0cfd10a1d1

SHA1
23fb352f858cfc5ddec37565285c1dc4f35aad32

SHA256
5ab420b5b984105a5ada4bf8a5578dce6c3922bfcdfd1d5f15328ca31296e3e8

SHA512
4ad7c3713a42341a881cb7037266af6b86072b886f4808e8745715c86317374b3f271cb8f36bc532af2646b7a6b0c9f25b11766c4b585e5a8a95b1f3b9add698

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMSharedFolders.dll

Filesize
67KB

MD5
d617ae87e5ec1821e9cce9c55595e4f9

SHA1
f39cd6f1528ba80a08b6136a0423804b78ac3050

SHA256
60728396bfa0e5843855d4cc265411ca5ca3359cba2a76eae57afcb7b5967ed1

SHA512
5c950841bf205e520261253171d38ec97b2c9cef0bba73d58e6b905f1062d0efb5097fae963d6b5b7372cab865c7cdbdf89d6f5b354c50d4716c503ff8b2bc14

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMSupLib.dll

Filesize
16KB

MD5
b1d93f06d3ff479cdbba4e1c9a64f0e4

SHA1
9fd00492ed595e62e78e80b569e1c39cab9de1d3

SHA256
da0b8f8bc0c91b26477ae12d922a1bd9a16d2e40df36407c50f525e2ceaccb41

SHA512
f5471fd9051c055bc936154475f53c5caf538136f48ad593fa23159b1df31c74956afddd6064d56610789b672d12b2eeb8cd11abb91fd02fb74f8504cc90251e

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMVMM.dll

Filesize
3.5MB

MD5
0d7e37cfc49b2a947b37ed18967fddc1

SHA1
134a6b26de675f999a8fdd0f2ee757c8338b5358

SHA256
55eee5d11d82a19e7f7cef79223cc5800535d45592b598954d4466f5c1367138

SHA512
0025a9bc8225c2079faac635d29e7d3e5dbf8d45724765a9055f7c74a97b791e51cf5f3290d118b6667473ae02903a2f3830d14caf69e670741e68ddf9cb53de

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMVMMR0.inf

Filesize
1KB

MD5
9ef94bd0428340d94cec3ed921cc2eb4

SHA1
dd94165626d95ab1d351298843f77e9ca0ce0801

SHA256
023cf519b63b84224cb092be487568cac6a75e5da2acb394873dcd48d8747954

SHA512
161b31d7870f06b6fd6648f3106e9582825ab81d2279794ea08eef4ec947740b7c4b8a7b4f21e74dff0e2a654cdfcc9f1f1b5727a8c1abb952e31de3b796bc0e

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMVMMR0.r0

Filesize
1.5MB

MD5
3fba4bc28fcf269cae647d13a3b4cbe3

SHA1
47eb1f7dfbbee99200ac47bc9d5cce17fdd78e62

SHA256
d33aa386475bd529f8c3c9edf9449e9b51b71d8a84515390e405bb246bd57807

SHA512
5ac2042ae175938754ec9918014ea546bd70cea8ee2b9670360b9e4043982bfb103d3fcc6d5c811076fa52205532d5b00e3e6e8923144e4bfb37bb852e8bd041

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\NetAdp6Install.exe

Filesize
109KB

MD5
23fcfa8100447716302f10678ec252e6

SHA1
910024cb56024a6c79465f82f55080e906210228

SHA256
e50bef29a5761e459f7a121aca4bd0c953005f501de7cddc35d681434bd2a13e

SHA512
8fe1a51c56fb349bad342c3cb353912b83327f5c51ca4545a1263b4b2af2228f127334837f095ed703cf0e46b5c72fef37ba35a9f2b862c0fd12defee8f36604

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\NetAdp6Uninstall.exe

Filesize
97KB

MD5
2cf6860fbdd36126ae62cd6b9a68e082

SHA1
0d6de2281c2f83ea206d6a6259e46f980033b3cc

SHA256
0d2e390ba3aa9f706ae4d5cd5ddab06adc8da485df30098c4fbe5b9b03abce19

SHA512
f48dd46a257cf219a0d79ec49d5622763e7db714c87b0f3c659b8e0528b1bda7cb4192f763fa6edead72fee3cd8488c004f8dad33d0048d7873b7756ab0b046c

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\NetAdpInstall.exe

Filesize
109KB

MD5
0c7331875db82690b86948c1fb8eac1d

SHA1
fb2e8cd541c721ef656013b2ae122f440902043e

SHA256
2eb76a57e7546b60b800c38cc340e84210317e16fb2c7329d09bc23deef90885

SHA512
0b27c225c9139351c5dcaeac07e7ae0982bfe340ac6f7efe455807ee242107a7ecd3f2c86a9fe9426ab41913721b3c227d2a226c99ea48792fc887444e733bc2

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\NetAdpUninstall.exe

Filesize
97KB

MD5
281bd3e5c84d35301ec837b59c503e5e

SHA1
4fd001158a33b77f15001549db38e4398de9336e

SHA256
10f55e5725a7044e9120403db8284eac76c05f485a6cbb5dbde10d2a616b88de

SHA512
47d02e1ef91d4bbd1d67ce1ee68d61efb29364b9b9066963cfecc423652e7fbdf06e475572f0f46f367e0c23ae0d01fe2dcaf907e84a822822842d3440846ca5

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\NetFltInstall.exe

Filesize
101KB

MD5
da3e3159116e69f1f542892bd1e2ac3e

SHA1
e48bbf9de386f2d067a29edec9332ef000e683e8

SHA256
7a035ad151ef512f54cb4bf8c9bc8fb28e4ba09dc6035887a118aacf4fa50e6f

SHA512
4c514ca647283c1d2ffb5b28ef30c0cb701655a8edd3b9b5866aa7fd2a4e0e30012010794b451cfa8d2a00d7c1e0119cc627df93ec557fb0020d43ed0e4f1614

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\NetFltUninstall.exe

Filesize
96KB

MD5
d7f6a5f24ca0d92d26075a002875832a

SHA1
64a27dbbfe27f4867ff8c0fa2f0aa5a3f1968b2b

SHA256
d4f5d26bafa4c3e3c466fc9395be81eff8670cf00a01bacd3f5bd8c22eb460c6

SHA512
f0566e17920021feb18758302be8c3dcd3a02dd2f5f6402888b84daf6f86a668f8d692c8b448ddc275f92961a1abba7383591e2f77ef713447e498b9d7eed0ac

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\NetLwfInstall.exe

Filesize
102KB

MD5
0642ecf0ed6dca6938ebed269a3094c4

SHA1
ccd17c3e6e0eda4a701c5a8f25df50c948fc16e0

SHA256
d37b9ee12110b1fe757990b8f9fc7e4fe9350c4d26e52671de6c55203f629fff

SHA512
6e975d77e8766e686861cc6fc9fab195ecb172d4d4ded1ae02b962a285a8a5e9ed4abf46b04777582b2f6224f362db2c035329c78a9579c4f36fd8593afa0a6f

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\NetLwfUninstall.exe

Filesize
96KB

MD5
c1daa5ef4cbcdf5d4433a3b0e9825c6c

SHA1
2c5abc45abc8a58ab66528d666c2be2e7d22f294

SHA256
ec2c0a9e11a9072985132004c9962bc528269d7a92bd11d105b529e1d6e03e8b

SHA512
ffc650aeb4c57e0e32020cfacc1845813d147cdc5c5fb76fc66fd7f7debffada389ea949f31e70a64d94c4d4d97d9ca2abf45345470bc6c9611a41d746e7f3b3

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\SUPInstall.exe

Filesize
17KB

MD5
e33988294e3bf2912a26b9f9192e7580

SHA1
66ffa50a155fc6cedc1774b8720ee603045a38a3

SHA256
f6786abfcafc774f6c70dc85ff702c7779cc08c5e7bcc088bebf71b4ef46d58f

SHA512
f3554a30480a2dc8981e86cb6bc32d64311a879d2e9cb922144e7c9dd471138673cfd1348d1d3295b48238cc5931c785cc02b6a4bab1e13b6e15719375e522de

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\SUPUninstall.exe

Filesize
17KB

MD5
5406b2c9bf3b15691375fb30d1c333cf

SHA1
c4968cd87617fb577c6f136be47b53e9dfd7d324

SHA256
c7eccba4a31e43d4b20a360c7858ed7eb12a6252202487b141422b25eb268fde

SHA512
a37cc0750b2a1094b16fbf118a6dcc8745f6b0390c8286540868a77e98eeb17181f67a57c96767e89520d118381d50429f05b082bf509a9b763c7d16de0b5a66

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\comregister.cmd

Filesize
7KB

MD5
4c0c8a2aee978f63ff9c9bb91eaa98ef

SHA1
784043ee7acbedfa92ede9c6aface266e6ab0606

SHA256
dcddc8c892e73bdb7e3a05d3d7e5ff8cf193ec1e27497a3c0bf5641dc542ccbc

SHA512
cb22df98ec3e32d315e19bb139e08354c30fd64bb7ae11fd86633c042e9128dea0be1af275a9438f90114d1013d6e662327c3add7ef60797aacfd0e22c83bc62

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\libAccelerator.dll

Filesize
168KB

MD5
8041ed0f7b41a89d6aa0fae432ba9316

SHA1
4c30b8a9647cd06a7c3c6d883e1dd9ccbd7f716d

SHA256
5a5f25c1d17557c9cd8740967f2c8de8b23d1caff2011043cf61e4b59cabb9ee

SHA512
3b3295605cd2d043ea6ebb0e0489f2225d85e2915a1f15e1f8b5424fd7140828f3e342a65c42aa5ca243ba3f10e1e27ecb5e16865484e407fcfce9aa8b96485f

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\load.cmd

Filesize
4KB

MD5
cc59f91feffd99c115c0a903cff28168

SHA1
e83df545f5d390d0b7210f7aac0d4ef37e00f0f2

SHA256
25bd2bd5472fb2097f2e79e66ffc3bb6aa3d2f974bf9b43d08045f09928a2efc

SHA512
46369b7866fd4215620806a7c12938865bf7416447ccd3fc15cfc6f3905bc4ac07a162b015586183e3c35ff17b607ba963f6ade3de81f15401e2d6d3418756d8

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\loadall.cmd

Filesize
5KB

MD5
571b20f2505a377eea3b6a2bcb2a31f9

SHA1
6240b4fb57d2844fc7a5bade5096f096617a86b7

SHA256
13f7090c7200549b7853e929931ccff1ba29e3497286d37866c14232f1048c8d

SHA512
930b966ce36d21014bfce9e117af38718ad0a0ea1b49bc1fedc6136ff71b043107cb07d8a879e3588dd64f45c2181fa7db6261363d80f5bb31144fda673d34d2

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\msvcp100.dll

Filesize
593KB

MD5
4f096d96285e06cd51aef7d2d3de04da

SHA1
c90ef0eb5b1a0b1b85ad6792291747fb6307dcdb

SHA256
5bb420fbe28315f2117376052bb8488ce84a3398dda65005b8ae1f792017e9a8

SHA512
80f558c50a71ad9c4930b3838b481e4fb453c38d57c91f7f70c1f86e4043b9a4fbcec27d7c025285504cbf3bde7c50b4770f18121d7818ac58e2ee9c2071f97c

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\msvcr100.dll

Filesize
809KB

MD5
df3ca8d16bded6a54977b30e66864d33

SHA1
b7b9349b33230c5b80886f5c1f0a42848661c883

SHA256
1d1a1ae540ba132f998d60d3622f0297b6e86ae399332c3b47462d7c0f560a36

SHA512
951b2f67c2f2ef1cfcd4b43bd3ee0e486cdba7d04b4ea7259df0e4b3112e360aefb8dcd058becccacd99aca7f56d4f9bd211075bd16b28c2661d562e50b423f0

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\mumuvmmvmmr0.cat

Filesize
12KB

MD5
d554aec99709b5e977ac72b2e4cf31d8

SHA1
d12dc22ad13349970effd971c77f9d5a165ce2eb

SHA256
6f0ce3c8c3f125d56e6f6c19afc88d38c4679475c720afc1224ab29b8cfb451f

SHA512
4a441d764792e23d8749b2eec563a66d2a4fdb6c61e195fd76095aefde1b1806f7b5699080c0539df4081f0d15c53e8dd5eba76171abb9661b85a7004bb47038

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\tools\my_upload_md5.exe

Filesize
735KB

MD5
ece6882c94aaeab536fc8a168d744e04

SHA1
9ac8a75b32c9f846231994ef43b2bc8e7bad44d9

SHA256
ab96dd5cc65c4bb1b827561496af5712722441cfd9fb3418847e274e7c114798

SHA512
b6b1a8bb1e3877e2280e9ef6164626da2b580e1e9471294898a1bf27e231560fd3540ce8821759a0dcc7b6680eca81500152d666492c1ff7fc9cdc8bd33080ae

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\tools\ucrtbase.dll

Filesize
969KB

MD5
aeea6662f0f7819a077b99441c36178c

SHA1
c3a2ec7fd791235b8b1f2371e94f25a1670f7d00

SHA256
cd48756e96740f84a2aacd6c308997a4a36a953cd77f50cb54c27915a5c5c302

SHA512
b4b3c42e716fffe98f1c65bd2b0f522725ab8b43a7739c0a925b850fc0601e77cdc1e2071813229477d129caa73813ef6eb5c4c806d1c48c90332c429365d639

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\tools\vcruntime140.dll

Filesize
83KB

MD5
0c583614eb8ffb4c8c2d9e9880220f1d

SHA1
0b7fca03a971a0d3b0776698b51f62bca5043e4d

SHA256
6cadb4fef773c23b511acc8b715a084815c6e41dd8c694bc70090a97b3b03fb9

SHA512
79bbf50e38e358e492f24fe0923824d02f4b831336dae9572540af1ae7df162457d08de13e720f180309d537667bc1b108bdd782af84356562cca44d3e9e3b64

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\tools\vcruntime140_1.dll

Filesize
43KB

MD5
3b22b2ec303b0721827dd768c87df6ed

SHA1
86f8af095cf7368ccbff2d0fd6d33586145acd2b

SHA256
3b792da47040c3b3e0804cdc5153eef4e802b6975963029d8dc360cb824a7b62

SHA512
79db774980ee132797f7e7dbc0e055b724d8fbf0e4917523b285f918730adfff81022cc6f5e15469b011d55501fd7b085bc070e9ecdfb75c05f4d6622a7f2475

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\vaddress\0.0.63.0\VAddressDevice.dll

Filesize
67KB

MD5
8c7fa231e13b7b380f8d2b456bfbedb8

SHA1
66e153f427c44c90ef1e59e92723e95a99f75e8b

SHA256
310e5d67c32429145f05e82848fec26176fd1c50d01418a784669c32eb0288c5

SHA512
a62156e2f6db5b5efcaaa17d30233c167bf6b062d6410636d99e56fd0361d936ff3fcb8b80726165dda7bac0f7eb3b178dd604614a380addd1ba7be508e2e4dd

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\vaddress\0.0.69.0\VAddressDevice.dll

Filesize
67KB

MD5
5396238bbc8c218e819f6715b20e6031

SHA1
55ab28093742e28424688799729bc46d60a95a4c

SHA256
33236aa3dcaa4714e0e663799a3fac83593c8afb6e164c1c1c2fa3176a95b15f

SHA512
54df0b2dc50a26c1597932e2362c7c3c92afe83c262a8fea7221c15a3f77caa55897d34c675370eb9b7b955cf2398d26c1bfec4d3e0484b0606b57a4cf0f9c1b

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\vaddress\0.0.86.0\VAddressDevice.dll

Filesize
69KB

MD5
e618cb77d4bb5f61a88fdb91303a2c1e

SHA1
df3f87309db42eb084b46ac963e1c7d69eba8a78

SHA256
55fd58e38c0a9e2f60b5c03750d45ecf0b1b7b873b84a531c224e4bcaa4bd064

SHA512
5acd329ead414008cc670303f404ddfa68abb67dc6f4211d932bd74f7ccbf36e138caaef1ea35b783be5eb11d2efe2c33fb0088aff8036c3fa738db9f5c62020

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\vaddress\0.0.92.0\VAddressDevice.dll

Filesize
80KB

MD5
c452f408b06cf88692c03ba5c534bd76

SHA1
8b3c315e115ba8ffbeecc7878a3034cefe65b5a3

SHA256
bc2f9fa16c1899e8d92a5d3a3f7dfbdbb9a1fc124e252259f2d86f207c2b09d4

SHA512
3ba6e6ffe15a3db3c9a5531a6572de75e428f0608a8b8abbea8e1c3e84bd6a278524b818e9b2351d2cf10094d881696e8051272ad0bd741c893efe31b62f6ae2

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\vaddress\0.0.94.0\VAddressDevice.dll

Filesize
80KB

MD5
d1b49099704f416236c17d028c2a601c

SHA1
b7b04f381dab7838e7d42d5716652debe287ade7

SHA256
1baa6c717e0b402a75872210e878749d021e6b354d21cb94e59012d2f19a9b32

SHA512
c98a3b8e4294240f556603bfb79fc06a92a436629c84284b7beed0999296469e4315ddab04ea0e76cca22a40641272dd53a88d5d0f2570aedd11c0dbb589dae6

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\vbox-img.exe

Filesize
2.7MB

MD5
258a8fdbfd2097c1eaf174544c40b193

SHA1
80c0565244c49b9c2ac69e72e72e2bb23e625fb8

SHA256
730ce3b17a58e26bdccafc9a929738e2f204bdc57281918d62cd9845531391a0

SHA512
c7e98caf9e0b5db6364a20bf6b518172524e4edaaaf3041ed00399cf57ac4474d95c0094596bc8b0447d88cc27c6c4d1995f2dc034535717fd86d755a0bf1f24

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\win7\MuMuVMMDDR0.r0

Filesize
189KB

MD5
f4ed8c30dd14afd80baf61af4f8aef5c

SHA1
e3d6f1480131e932c1473c6b1d4bec6ec6c2aaf1

SHA256
c65929b0e12123e079114fc67e6052e03de5934fb65429d637b6242fb021c5b3

SHA512
922862e372048f29d4eb39c0a2e5fc921e6643e454825f476cfb98780b3d02181b91a9b6f5590d5f4206d7de391aeb6e5e3b72a8a9ca321b77bfc10d9040a3e8

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\win7\MuMuVMMDrv.inf

Filesize
2KB

MD5
2741226667bdcd9e759f536756f56eda

SHA1
cf437c8a63ce26b0e2a573409c976fa1f7c629c1

SHA256
82606488633ca10859a8a80d00be705a08509b35a9c02aef8b3dc70335bdaa93

SHA512
774699f466a423eb24c1d3b5ed45f49e2eac8f931fc7ca825d14a10a19402e3fd95ebdb5c7c2cfee6a4aa6219ffc157c09a222512fb7b3cef888756c1c12c810

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\win7\MuMuVMMDrv.sys

Filesize
364KB

MD5
55879de9dca1782537ae1064b2760007

SHA1
f5ad275c3ed5bd8baa829edfe008b626e49f42b4

SHA256
a9bb3be7ce97d0f4ecb78788ffbff7379ab0f7548715049b59a587ded1e8dfb7

SHA512
d8efac11593638fb2baadc7d173113601d3da3aa30efa0af3d295e8f814642bfe81cee7bbece2426ccccda48ecf1969f9de04fb54b44f185ff2f9f740178eb98

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\win7\MuMuVMMNetAdp6.inf

Filesize
3KB

MD5
127d117df95f3a294b254f65ca929340

SHA1
49f365425911dcfb17ce8f08aa156a66878f0e4b

SHA256
6421fe11bfd94be2a659b4a39483dd71d0c983de9d26caeb22ce92d0d224f39f

SHA512
13e9ee1496af276ae37e8dc236a48109e06b0b044fe05d88415939d3a1db0076a0c95cd7c88e715ac4df01603dd3808a6bf21ccf1ab19895b782b2f91f32f08f

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\win7\MuMuVMMNetAdp6.sys

Filesize
231KB

MD5
565d6d7e77d6fd5be5ef21fa8188a652

SHA1
02bbb60161ac4da75ced5257633b52462baeb908

SHA256
8517e15ed543bc12a940b03ac5da50c63af1173813640bb1569ec62e45073584

SHA512
7f4763249278e8c89559d0b32646ced82107b440a9819cf9ba967a0cc749114f02f45ce393ab89a07bdc89d6febe047304d5d2e85fa8ebf48cacde814e3dd2f1

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\win7\MuMuVMMNetLwf.inf

Filesize
3KB

MD5
d284b3ebd57e803451aee5aa7d07d496

SHA1
4cf6e3f2984fadbd2fe71c6a0d403b2e5c2cc759

SHA256
f2eb223b9f3eb6383bbbfea0b195f3672e8492041d8bfe89505f2f3cc7d462bc

SHA512
c11de75732b67fa2bbb695e60c0c7f75a52cabad86c58d72a05b4f6fca56bb886bf9451f6ef5abcb91c3e65f195176c45eff15846ccc60e7f782fe725685b5ee

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\win7\MuMuVMMNetLwf.sys

Filesize
241KB

MD5
a8071a473dcf9147820fa684fe725ac9

SHA1
33bffd62c5555692d3d314ba211b40414f5f580a

SHA256
f377895a45410c5585c27ffb7a44b68b1002985f0c03f562b4b21ff6399f8eca

SHA512
436af1b9bef2cadfd1ece3215cae1662217f4f2e5a299f4773db6748c6e26a78c3957a2e314c4faa22b930b08b811210b25e176f3a985ec0d9322d66077d4250

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\win7\MuMuVMMVMMR0.inf

Filesize
1KB

MD5
3a31f44dff80797d944dc1c76abc306c

SHA1
02a336a7614ec019a65a90c971c648c34c814e66

SHA256
f39e3b98a17d4d946879284466a27ec946a07bf869f59ffecbb38451d81337d1

SHA512
1e3382d8bb6f99d96ac9272d9aaac5012fcb31e83a072d22cb4b8965c8c636ccefd31f61e51ac6b8fa79b7fd70038fc259dd45d22b9bbb267f8f17c9b66472cc

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\win7\MuMuVMMVMMR0.r0

Filesize
1.5MB

MD5
a5c0e348e7cc0e4cc570aacf9ffcaf29

SHA1
446506fde338687fcc91b176361b51b0a8133045

SHA256
3ae59d3eacd1f837d3163817731820b93139846021aa8aa7220060d174d6cecd

SHA512
966f4100f17bb3a89f650c30f979f15023105f1db2f840a03b31bf53ba5188ff5994baf110e489060b858296b49d620551111695127da8d0ff34360a58c65822

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\win7\mumuvmmdrv.cat

Filesize
10KB

MD5
838ca6cdba04a33267a12f9af842154c

SHA1
a85f476eec0f129676a5552e8984fe9ace437118

SHA256
f10c1616e67f2f9d4ccc15e59ee3df8e6413129f6905db6aa84d9ffe7e7fe662

SHA512
3c522db4d5e835d8fd342ce65f0ec876b3e20dff1c9fd7044b04cf1a0f7fa9c7b8766bbbc8ca71a25c64a7e3ffdbc8a04c7b110494ec440806961439b5b9ae34

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\win7\mumuvmmnetadp6.cat

Filesize
10KB

MD5
cab436e5abe7f446f8848dea729679e1

SHA1
6c6175df099341fdd9a67cce631e2fe55fb1dc2c

SHA256
ff9525380df941cb1bd07fd72f27882db4b96699d9b785e4c3078b3cbd6ae618

SHA512
15b3c72e20e3c1dd1f184e6bd6b8541efc798e7d57878bcab44bcd46f8d30593faf83596d5d1e0862558cfd316d5f1967be912056efd0582521548e9c963a9bb

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\win7\mumuvmmnetlwf.cat

Filesize
10KB

MD5
6744dc4f16200c37a96cc3a0e5556285

SHA1
e338196e4af4d5a19b42a2a03cb98447625673d2

SHA256
5aa222dfd3ab9f7316c1c39441946973ab801c00763375a90cf7532b592c4086

SHA512
ba89277be0f910184f0a72a1b0f1d7aae2e540775e86d48f42ab9074e58b7ff6c3b2cf4c717d3d1923f7ff10886a76bf926ebd6189872c6c3fca799fb74b0213

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\win7\mumuvmmvmmr0.cat

Filesize
11KB

MD5
2e23d6718ce96dbfc1be7382fead6ced

SHA1
09b89d917222114b82ac1c3476ee31e01c33842d

SHA256
0885d7ea48192a21d5f37597315c961f6f6a569a4c79080c3229e3c443239efa

SHA512
54f8737e7d3139b654860ae0aed9ec28d5c2049b1e76bff244f8524196c4516023a7cf69b03e4151106eba7145f7c8ad5ae5c2cd62d96cf959e97071aa1b85d9

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\Controls.2\designer\RadioDelegateSpecifics.qml

Filesize
2KB

MD5
5435f060331a523b9e5db9c9957756aa

SHA1
e0f07b59a0ac83b7cea1716cdae4a59aeafa396b

SHA256
91d7772e4a193e91a093d59451508cdb89448eaffb4febda26789777afbacf3d

SHA512
536e731672c1348222490d39099712c7bbcbf8d0c6be5d0f3517c10feb1b47d7942c18703e18c28f36774546a41f18d61fa8096e022a82947d43b11a2641d187

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\Controls.2\designer\SwitchSpecifics.qml

Filesize
2KB

MD5
e6dd3db4f8a582e30f07b77e801428f0

SHA1
d207e34278440fc9b47c6480a47fef13870ffff6

SHA256
a3fff66cd7217029792e7fce403cc658b0ea03b2d3a2860f57479c8ea6bc1372

SHA512
f58e27d7f36e05cb1d6277629ee2e3cc239b2ba73a75d1399a048191e4443dbb1360922b2cc0d36c3a19b04fcdb64f5dbbd0a838736dca658b9caf856031c5ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
58KB

MD5
9b603992d96c764cbd57766940845236

SHA1
4f081f843a1ae0bbd5df265e00826af6c580cfe7

SHA256
520408fec7c6d419184ec68ad3d3f35f452d83bd75546aa5d171ffc7fe72cb2b

SHA512
abd88ee09909c116db1f424f2d1cbc0795dbc855fef81f0587d9a4e1a8d90de693fa72841259cf4a80e0e41d9f3e1f4bf3a78c4801264e3e9c7d9635bb79ccf5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000041

Filesize
1024KB

MD5
7d920d022206d9e11720c254badb9bba

SHA1
81ea2ec8869e7463e3157804929493fe9bce3d05

SHA256
4f55c41c516573e095c7c2ad2e78e9e063a91d86b59979b5b5fcb35c181a8fb0

SHA512
f133715144799719ed9e5590ff6989fc1448dc8c9386113083f0ddaee99962c3c04a858b34ff3423685087fc8419052e7ae3bd42b1d19dd5b8c1ccb824c1244e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000053

Filesize
198KB

MD5
319e0c36436ee0bf24476acbcc83565c

SHA1
fb2658d5791fe5b37424119557ab8cee30acdc54

SHA256
f6562ea52e056b979d6f52932ae57b7afb04486b10b0ebde22c5b51f502c69d1

SHA512
ad902b9a010cf99bdedba405cad0387890a9ff90a9c91f6a3220cdceec1b08ecb97a326aef01b28d8d0aacb5f2a16f02f673e196bdb69fc68b3f636139059902

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
c007731b4b7f6089d84577f6866452d9

SHA1
8cc78e2652f3bf4f1b9dfca75c86ab7020be6d5c

SHA256
2f67775d72c77dbe9c32c75f19bd41f38479a47831c08304faf1b07a464a21b7

SHA512
a5d6cfe1d2ac345da33ccb49d8daaffe60075fdb4f83c837680c775d0fa1f243652da640dee9dfd889ee601b5e02b021d1d912d0c74e1f44ee853fb5f5ae7214

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
7f96e255369d07a42aba27c49201b543

SHA1
03fcd142653aea7c22bfd743f644ab301d19d9ea

SHA256
13f19cbb3c8f733559f0d8bee7bafeb7231bd460644167e863c1baad67ee75cb

SHA512
f2b37f246cbcaf7e8ff2a2fa6eabe836fdc078c7faf103b61530b2566738fc6099b93cec9da37c964a6959ac88005de9910a1d126a85646e32150561377d8d2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
646386d04807c7b48385f81d305fb993

SHA1
f01a0d0a90380e80676d5d6e2c4aa3cab84ed5d0

SHA256
6a0daea51c95991846d28c2981f7c947d08537a4aa2590395a75b79ed6a9a269

SHA512
b7d8c0b33f3e56e1ed4f4da74ffa2c2c26b4e1e2900729be93ad68426424b1a89e8a86167185d1bcdd91ada11da119ac8250baee4c8215253d393262249a429e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\3595be17-0782-4acc-aba6-30bc1580fe6d.tmp

Filesize
2KB

MD5
2edf6be893aaa0282dde39bf0c5d4dda

SHA1
4d9620efbac3238cda7a66a05e8ca954d70f09d2

SHA256
e41055be32d9cdc000635bcaaf2fa4eae4004821156bcc237a628b6821cad538

SHA512
25155a4f3a3a362124d575e889510c90c4d2c6671b490dd928cb87c4cee0373dfe431ece9488483ae7427c7209a463b69c9df80d9eeb6376043f0c9d76ba831c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
a4b2552493d3dc810098a5e12f9cec01

SHA1
1ee86708adf612879b900fd4670b9467d078b7ec

SHA256
3301461107f6fcc5275aabc0cc4b23e5fba1bc5eb2c67f7c880951de9b19ebb2

SHA512
5f4dce88bcfe971960a85b8f25b6c122595fd73abfa3980429226a98dd83f2d842a3045ade84cc07760114a902a7e4bbd2a10d52496ae42b92e5fb5826af78cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
fa76f5d7536d6cfd33f1f3e8ed8bc00b

SHA1
e671088328036f1bc3f0379e483797b9fd6fc8dd

SHA256
aeb1c93f007140dea411027ba8d135630e709923fd35bfd4f99e5fed4fcb8757

SHA512
1aa0c98f04e2f22b405135bb97e86b47f40fcd9da888be1f764fea22f65fc933736e76f3d347cbddcb2e4724177a6c55e52722938d1606044945f56ad33cbb39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
d4acb0b05e9958f8605e6ccbd9622f20

SHA1
42eee4ba1f63e3a08cc64a6618950ec5d0f34efc

SHA256
748e34be379dd3e4400956660b8ebae5530763f1451d23365e040940d33deb28

SHA512
45578841e78a0b6dc8f1c4129f728a2a5a7f746ccf0722eefc7fe711e00fd0c92ca4aeb58e45fd92e2468f113f6ea98b3f25330cabe1f472b0d004df9b713c67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
a628adc07a851585d217d7f16ecacf05

SHA1
7e7e24fe9207b195d510f4c999ec6a07ab726ab1

SHA256
1c98736a1335403ffd42dff2133eb8f7c617f06524736a0176e18ed183baeaff

SHA512
df3015a557c4f71a0dd6aaa3c451d0b0365bb597014e31c913ebfbadd76919750e431420c7bdf06c8fa7cf6034c2850159fc6beb0f012926b5839bf9bafac09d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
9fed18dc107f1b27708eab56d60aa71d

SHA1
95b0c4db5b8b9039cad18f57476b92c5d369c6f1

SHA256
3875ce249abdc2864801d9c806cf8a82b2ed56546f94a2f81e6201c3b0ce6dca

SHA512
a3ce3f20c9873f7319173bac25d726695dab67f9550312be2e09d26141f2e5f8e87edc58574d36fb02a5826e3fbdb01530497c00cd4fef3d468d07a81fcf7f11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
d9fe6ffd787a9178d7ab210ff0bcd22f

SHA1
6963052efa2c190effe4577451e2b5d076141d1d

SHA256
c92dd5da7267fe7916702625e3831ae6a96e5f77e0b9a8fc8649c7eeedae33b4

SHA512
fdb30671b35a1a266e09b8377ec1552642bacb813c782eeff3c251f3680b2dbfda9d36e8b1ddd2fa8189b6b29442a9571c8243ff12ddda9e42dd036176a25ead

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
3f02d9edd92e5e0b913505c71bf80b6b

SHA1
b89dcd64d2287c34ffaf5774be3f3aeb26e5d27f

SHA256
b0c3ce9f8c3ab165446fe77a15939f5c0f53438c48a7c4ace0c7e9847fcdb290

SHA512
08352265cee34868e80f541a8869a0162bc0ab002f55d6919430b2536a89f444db9ec87d1d98f600573b3ddccced4a7edef915cf7240d3c05f23a04f70ccbfc0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
692B

MD5
9a9dd2d67d942765b20a6aba2651f224

SHA1
b66cb42115a9e7867fcaadd6fa084ff7f4897cf6

SHA256
1fc04964d6fc0bf53263d1a11b84544bbcc578be9ff373c125c4af693ca82c7c

SHA512
b8be264146372cc64c8738f96599363f3245429b899501a219f06b8232c4d8a3a6f5b0a1debdf09e2d3d27757ae93432a380d49306e2c97d24beb19ead9d6d1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5f90284668da8d921d99d6e20f2fae16

SHA1
bd1ee1e3ef0806d00a108f9f7d824d345c2b8890

SHA256
a450e4dfcc25a5f23ba398ed660c5ba2a23e095f315df5b4bca4f242718dfd22

SHA512
997466b32144932777a8aba33be8ca0d8274712db74c5ed7040592df0333e39106326b9049a0f291364c91e697faf05071ef70024e0c0c7598643f7a538450e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e4ecdb173f14be3cc2790d33f4b00384

SHA1
9eaf2bb96a71271f2e3d627c2c3018b77faefca7

SHA256
67f97d143cc387f839608751636618349f2ae8badcf16a47e21b99fe7ffbff12

SHA512
bc335547734cdeeb336e26b5bdf8aac3d09629d96ad5ca0aeed2f6b2e8883740f1c1969e486e1df59a1d9c26a534ada4eb54a665a6e0c339cb93fb59924fad91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f5d3af1ef2253cb4ab8bc92377f6da9e

SHA1
a1c529a8a408f2a34741eab31353bec1cfb37f89

SHA256
4ad9b15078d87e90b7cef570b77b9084aa726511ccfff81d1fa3562d699c0401

SHA512
2d1a35da0a0addae69e8baa773368f5cdf4063601972a83797eb2d7058bed8881d0801f8b8ce7aaf0f522307fa38c949b4d7e89fe991c8d2a4ad5d28b38ccad3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
ccc57b623dfbd758d1a5ad636fce3b4f

SHA1
d0022c3d892f894e343e69e0d224aae0e3eeee98

SHA256
2a3e16d106efdf56aa1262e8cfecde8a309147aaba505d20cd965904b4f7e5f1

SHA512
fe69d5139f13bc6dbf5fff37454a138cb272217a6d0c866131418e09fb018852862cbcb8035c27b40a913fe4f60c76fbe152b58d2630873e245bc9e09e0c02db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
bbe638750018ce9b8068798cbdecbbea

SHA1
68b3ee2498a33a0e23ec020100cd0fb9878c8ee7

SHA256
879bb7682680d387bce4013b2493e043085b9b2fee10ae01c8a168e9091c8b20

SHA512
abb988aa844b6e11e92d42ad0d38738c58afd7c03c0ab3e9f75df4a2657a63d46ce67e37244c4a9746aca9e03a8daf8a6ad3f697e647471609c4c6c2936af86b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6b17dcc77d87c3306b1c810391eb05aa

SHA1
a6401b3581b3aea4b6d0570d89c77ff14a89c19f

SHA256
0bbf07cab93dd19f73e74ff983cdf28f117749dbb7dbbaa5e3b0e759ba48b5a8

SHA512
89375305abf5052c51f6fc9ee897da738ab8eab5b4bc586a5d548899e10015ac7341bbd8a49b7b01863bc2ba93d776ba0317a79fcf85c5b1d6d50569a26ad1ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
0b844e2671ff059ca381ab4a57b66a38

SHA1
1ca4e771c33d8a7431abd89496859d5560edfebd

SHA256
179363d74a1753aace78bd835cd9e7be86bf0b8365d31fe7edc2781283f22d86

SHA512
72b6208e0a1386737a2e346aab2fd4e0d6911219b9b841c8a30b40f61e0f02f9bb1daaa22ea60bae280c6adeb2e0121097df074fc04ec718ef6c9a6148038c4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
efdc368374c68b48a89c7dc48ef1fbad

SHA1
95bb0aaa90bc03f14bf7592785ea6ecbaba52b01

SHA256
e8b89ef7026bc7876841955da8d7072a5918d100e9eb76eaf9ba175caa0d57b6

SHA512
cdc5d6e52081c2c6666cad5982a0c09da09124834fc5af235ecf959d43f5d443034b181178dfd361e95d76cb7f61f0a3ae2b6d5a016495133ae663ecfa176af0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b70a2f4f04e765bd781be29e65086934

SHA1
688c829e4e69308f253ea08e3f8bebd1a72b830b

SHA256
3b5c5c46235004a3f9a46600422bd249723ac97ed637a73382ddd8c59811ac6b

SHA512
77aa42bb00b081a01253e15690bcad6f312878f9a48f1c013ee4d9477ec2904c111dc1dcd22801a4c83541926c0b1814cbcaf2974b78a4f850211e3ab9517044

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
e753da7433623c6ad3bdb0fbf29d19ff

SHA1
8c2a87ff69c9c846968aeb7a5306edcabc1c2c52

SHA256
93a8a8a3311ffb52ebd8f2c62c0a1127321e9cd7a22b10b59be724d623860e93

SHA512
8c7bd140ec7bd3c99821dca2f2d65f5b6e71e9340f5dc17cc80501c21418e67051128140066c23dac44fd29a28a2b7c14fd1368b47d13903e9c2990bf529db2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c86afcc22fe01848ddb4501e6c5b644f

SHA1
decdb0cfd90bbc659a70e3f863c702d8f6baa5b8

SHA256
0792e4a990ec41878c646962d121b96417ad656305298279d3f41c7bd8ec5ed2

SHA512
f7fc48ea013da12e90e70f803d19d9f59ae63e34a33cd66a00ead8f1b42324d95da5b9b637c28cdb492a396a195988e218b607c67404c3b3c72f4f67f0467564

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
13KB

MD5
ebced0e23829cce6b9ff3300de3f1f14

SHA1
de949cc240f3b8b3497277b604c8149e34332e4a

SHA256
15d2df4745104cd941d93142e677d477c78b29c0727dda0cbb954fa6a8e7a678

SHA512
621507acb4f8d84294595fe1c374826d6ef44ed9441355f0ffa6e2b489056ad58f305077eb971f757d082219e910a9e42670bd497abdd7daa3478190d4f4e381

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe59d21b.TMP

Filesize
120B

MD5
d8ff83e9576e23e7c6431c97612f8839

SHA1
65082260aa3b007422e122c3cff272fe9663c7e8

SHA256
abb45f1d8c0eaed3596cf302d2ef8619b2ce749eae233ad89f6d009c68927ca6

SHA512
4431f56230d1b48eb18aeac791fc3e35fe7dc9329bad9442a9e3215f44d77a3b3e312e1545b39bb0295caca22face337dc1c3a628ecac72f41bb22eedf2779e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\d29a26ca-7378-4cd6-a3a0-2a76a17035c7.tmp

Filesize
6KB

MD5
d5dcbe09be2ffc95f1aea59c3718f001

SHA1
f8ba4209bbf693f913f965eaf4efa844900ee29b

SHA256
7417250962b16a580de8c678a549c164260a756c7680fa7e9d3620dca1f39771

SHA512
f55576e92f26ebf307c3500c28dc4aa059a3234cfcda5cd3ca80d64a1eef5c716011889ed93dac5b9e353335dbb3cd994fcbe972849f18495c8e1544939a4a14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
251KB

MD5
451e2c8173c35ec14ea3050c424d8444

SHA1
e2ade4fec45a8239687fbc69fc6157ca794ca706

SHA256
4d601181cc6f485db8d39bed4310beffd223dfc4a70f792835480320b0c6545f

SHA512
0190a169588f07bbf3250267602661b19de947020e37d8ba5bbfcbaa625b9582ea1cd8cb8d6d6ca0b90efd7baef3780e83efac8923a7c7ae6575d2b005ab2380

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
251KB

MD5
ab4708f3d848e51109a69d4035bef211

SHA1
0d5e4a91bfa32559bbb54a46550f487cba0ad09a

SHA256
a073d5d4b411de947652f66112004eb6284a618b7048758c477e61352ce429d9

SHA512
eaf5a9d56e2246dfc874c829e3682c7b2040b85969a45944091b91732b4da5a7b702b751aa361de58babfdf365257177516a6f8da9529a96f824daeca2b49b46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
251KB

MD5
7e8be297eb82ce7775e2f73ed8c58f88

SHA1
a6357eca1fdb6e2780f781920bfae5047c5593af

SHA256
14b18d15e7e2693cdc1764bca312e616bf4ab62501c58b73b138cfdb35038273

SHA512
a7e6cfaa1a0839327fb28a798bb9874b69ce45ceff7baa32db91db52180c0527e5d78e557bdc50c6590c7e604e2e0053f1e6628ca44739d8022b0af5f0389c91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
251KB

MD5
aa10124e36c61401c36ce72a484f77b7

SHA1
ce590a8ed313a84a0420218984a5822d3027cda6

SHA256
93f78b6ff0dd2fac4c9e237dbbc9125462184a3991f9efcfe39ff28dffb35029

SHA512
5f3d13b093ebb418fd3a69eee583980ea99e35ee4fc6c568cc0f7ad0741eb0fd36523376277cd6114c6de6cc2dab953dd2ab3e30b47df5f7ff0234a8d2f1e10b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
85KB

MD5
3f55cfe9604877af94209b973c009bff

SHA1
14d1df1b329a13273c599b315a57887b9b1371c9

SHA256
d180b468f44fc0c771f24428bca0a248c9ecea80b0d01be69649bb7b6358c154

SHA512
80b95a4abb68af0985111354553c92350ba5286acdab827a188bbfecc6fa81e59cf00762831240fd7cf06554037a5e02e2aeba25d8f636ea3e4c46d18626e8c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
87KB

MD5
f9b86544c098cbb3d9493ae67cbd6d1e

SHA1
ac1a2aba96423a23f85e398a9052e1033e1b3fee

SHA256
cbc79441a35c840e1cebc26f37b30be44f194239fb0f373c31808489c6515721

SHA512
ef13facb9c63c2b103558871eb5c920420453f372548c9a20cc07bca799a5d4b65b8c4fc58dc04b9503a9a89d4a3fef25c76772b25c9640ff759840ba4347362

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
88KB

MD5
cf69531cc1b4bae9f520c44f4b947265

SHA1
99938d2788bf216909292f7e8eb554c5f81c3232

SHA256
182b9eef81e393fe443a52a4a1131057b8446a464d4d15365bc64e2bc8e91a92

SHA512
c72c699b66494d153146e9b328ef5a46d6ef62b9f3b6b3b72116174db890ee687fcb83d5796632ecfd279034af75a5c2d8735414a5cfe487aafcf7be003044a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5a1f22.TMP

Filesize
83KB

MD5
032cefd68b70b11a9c4d457444fad1a9

SHA1
3ed4d3190b6304007d008446e68bae1b622f04c7

SHA256
9fc433ee789ed7f3dd77a6cf211403019c07d838b34722d17e4b135cec57e585

SHA512
c648581060f96159d31ca389b1a8cb67a539b0d52cb0e902179f685f9b830916ec02ab7aa6df5c90dff202a46f65c025f93b8d83d167664fc62614cbfd14d70b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z7A0990F0\ColaBoxChecker.exe

Filesize
4.0MB

MD5
839708e3f96cf055436fa08d6205263c

SHA1
a4579f8cb6b80fe3fd50099794f63eb51be3292f

SHA256
1373c5d006a5dbcd9b86cfff9a37616f1245d1333c4adcefc7cd18926b98d752

SHA512
ece67e031e06a0442d935e7d81d0eed57ae92b348b5d104423577478ce226e4a4bde834c54e31d33bfe6f574fb7798ba96886d9e8edb738edee6e7c9c43054cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z7A0990F0\HyperVChecker.exe

Filesize
117KB

MD5
dbd84c6083e4badf4741d95ba3c9b5f8

SHA1
4a555adf8e0459bfd1145d9bd8d91b3fff94aad0

SHA256
9ff467bc5a1c377102d25da9fa9c24dcc4375f456510f71584f0714fdfb2af39

SHA512
fb5fe74f64254609e07d6642acf904562bb905cd7c14c6f85ba31bcdbaf06686c0586609ec4f5d2f8f55ff90334dcbb774a3a6e78df74bf1b1d0cd03dec21870

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z7A0990F0\MuMuDownloader.exe

Filesize
5.7MB

MD5
2f3d77b4f587f956e9987598b0a218eb

SHA1
c067432f3282438b367a10f6b0bc0466319e34e9

SHA256
2f980c56d81f42ba47dc871a04406976dc490ded522131ce9a2e35c40ca8616e

SHA512
a63afc6d708e3b974f147a2d27d90689d8743acd53d60ad0f81a3ab54dfa851d73bcb869d1e476035abc5e234479812730285c0826a2c3da62f39715e315f221

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z7A0990F0\baseboard

Filesize
115B

MD5
3b9efab59f206caa7dc0c0e144dfe383

SHA1
2baa1a95cf0fa581862d41ebfed4f357a9da3cdc

SHA256
7180ecc9147ac9b8292c51f349e844802e297c853583dd584fdca8a263fc0b36

SHA512
a1c0c8695c53fe74411ada296e127d0633141479bdce1670a7c0db420583ebe967af78a4199b87cbf851ba3eafcbb653b69f5e2e06ce6843f79f3f4dfb6f4b3b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z7A0990F0\config.ini

Filesize
346B

MD5
d00fb4c61a255b58ff09886c6c72461b

SHA1
4e4f7d7ae36f67a4d6fc8479f8400b3eb769e978

SHA256
77dec4d79e1e844a2156f101defc0fc81c138a989e8ba1c722c58feb91b3cd4a

SHA512
8494ab9fe0594f3ff7b0893ca3e25d6d0a706e546e92c5b662aa864affcefe5f9721a6a95f37f40cdacf39d27a23e2b3cd5dbca4d7b8909cd7c186209d4b46db

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z7A0990F0\nemu-downloader.exe

Filesize
3.2MB

MD5
cdf8047ceae80d9cd9eb798a57bf6084

SHA1
8e7971401fada3099aed61849745fda37e1c0d32

SHA256
1f01a9abac64fae72e0a253ad9ffe2d62cd2967c1c2bc90fb956ac446fe2b11e

SHA512
ac366f38f39b935110192d1355147392ced5a21966cc22386804356dce24b2da7971a6a60d675689f93d74014d961bfb3b0c13cf06809b9f9feef580045e20dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z7A0990F0\skin.zip

Filesize
509KB

MD5
ecb43530caf9566c1b76d5af8d2097f1

SHA1
34562ada66cd1501fcb7411a1e1d86729fd7fdc0

SHA256
a12381f97aee2d91568f44b23e866ccc99f0ae5e5961f318ed24b72f4f5da80a

SHA512
4a243c0bc4dbaf892bee91ea7eff9e6a7732d3aa2df5bebd9a4bea2859a30a8511945ce3bb823f7ef921f2e1a98906fb676fce85f25fd5908646b3a2f5d02563

Download Submit
C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe

Filesize
614.0MB

MD5
435c893e9e93441dd0aba3174de3b9d6

SHA1
039bcaac182410904bab2aa19425d54fb8622719

SHA256
01a8e9353fb7ae7e2a0a467f02b34c0fdea8014c0127a1c8fd00f25ed76255c7

SHA512
e4063d73af0fd3cbc9f57d634f2b2d5d5fecac92e2f58592a396e0dd4f1eabfde2d6939b807861526aa41e5b1b26de0f3d3ab7a2b27c6d63551c9c3d0c4d9e77

Download Submit
C:\Users\Admin\AppData\Local\Temp\nemux\MuMuPlayerGlobal-12.0\nemux-HypervisorDriverUninstall.log

Filesize
50B

MD5
abdafce361b743ce2b265c8fa2b9c1ae

SHA1
dad27f32a35288ec4dd75115e2b73932968c0241

SHA256
54aa3c35d1230b46f7b3db82936b288312f7b1ce654a77252d170c5f38aa9124

SHA512
fcb6f7c029dd38cee4d83af4af4a0942c94af053c2e69f32566ab214febb413509876c79cf0450d7a0f81b167994aa15f2d861c3d55ebcafdabef2fb9315a939

Download Submit
C:\Users\Admin\AppData\Local\Temp\nemux\MuMuPlayerGlobal-12.0\nemux-scQueryMuMuVMMDrvBeforeScStart.log

Filesize
270B

MD5
0649d4c069fb3136de50d9ebe44b7cac

SHA1
a58bf5d93120eb91eab5ad7af282c99c0e36c4ba

SHA256
aba93de5e732f49ecdd398b49f44752478a6ba279222bfce8b622a37124fbcf5

SHA512
829daae9029c6741c06374f2b7f642e88d3f5707d7eb9ef45692a16d1a05f8d6f66305ddf51a222a8748157317f76c5115cbf1bcce0cbbb4b0c4e56a50813854

Download Submit
C:\Users\Admin\AppData\Local\Temp\nemux\MuMuPlayerGlobal-12.0\nemux-scQueryMuMuVMMDrvBeginUninstall.log

Filesize
122B

MD5
6bbcfd360c0797e6650f0d3cb1c36109

SHA1
e22b5f6a4654134d687a3908464e67faa23d84ff

SHA256
df023ca139e8dcb21f0d4a603b34af95f980c1e388c97e4735dd698d0329113c

SHA512
0281c1cc1b104c73f130068a905e37b75f3c3a40884d3e2cc421aeaf6a3c6b938393894fe750fa7de44b9d0a25f9b3c11bb386fd133b3d710a549632ed9ea604

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsfCF7C.tmp\AccessControl.dll

Filesize
23KB

MD5
bb0f26c7a18434ee1d648c7e6743d1fe

SHA1
f7503b348aa7c7691668fbb64ccd541e247f87e5

SHA256
1b4d25f2f544f520c20493ee1e9ac7b3043aab88e4ff87953390d357de4c2096

SHA512
4311e960a4f8f441b25c5ec9a82d64112016ff9c4510dfb082a0c1bcce2d03cb2871912dcaafc5d00f07ed9ac4d6d7998cdcea2bfc84f7180b2f62a2cf24e08d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsfCF7C.tmp\ExecDos.dll

Filesize
14KB

MD5
e2716246ee731417abee9ea26cec1d56

SHA1
6687e5d8b0b705fcdd9a4020215891d5b7723084

SHA256
691ffd34264d1813827c35083367a08aec974e9f79fb585b7d2d367c83760fbd

SHA512
355bb040570a1ba64a03463a9e6695015c2ffda5f30b7ce801c39ab1a7ba36134bb8fa9b5a1ffd102f6d71091b77133f8d68d305d5c1949ccad2e8eab0258505

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsfCF7C.tmp\LogEx.dll

Filesize
52KB

MD5
6eba32325d2db645c958c551f0aa2e31

SHA1
b116cc9ff0369af681ebf805a1a3befedd9ab868

SHA256
cf7b45a69a13551db95dcdefc8bfdd4128e1c1db67198347b43469b69c36b844

SHA512
6c48038341bb16ce50b01c99f8ebfc919adfce61008d9718c06d55e92e54625ed2ab6ac850592e847bca61d7d57809dd531afeea4f0fb0c8310cfe1710f37927

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsfCF7C.tmp\System.dll

Filesize
12KB

MD5
283555de06751c261b66243bbb1558da

SHA1
4532ed4e255ad0163494a02081b45e893ad666f9

SHA256
b6298637fea88a44e4de3f6b7fe254fb73857c08f1dcd8bd1af6f9eb5e6e7e3c

SHA512
469dbb4b7cc0d4f59d903415fbb7ea6417323f0daa2aeb2945a9744668f3d9fa95eb34a9d64a647835b563c74c3484c6d4b823a75119599aa5f975dbe471d3ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsfCF7C.tmp\UAC.dll

Filesize
22KB

MD5
b7e1d609915cf0b3f9dfee488a92fc91

SHA1
d9c873b39e3cac648742568378fe788b2cae6e84

SHA256
fa3bb333f615689691ff98527dc3341e3b8ffee4bf97c6128820bf0d303930e7

SHA512
ae4a00659f522996600bd0754b2f2706e297939ea616ada66e590409c6c2f28ed7ed39b67a078ae72e9b472a97291c7f3da42339051ef1a3d1941b0368b2e775

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsfCF7C.tmp\UserInfo.dll

Filesize
3KB

MD5
cb310d97bd72a6ae8fc6e44c88ef9e8c

SHA1
ed935c8f17340fecb7021dddd9dc7de0e23bf487

SHA256
d6fae2e57c84b25b73fe942fb7ba725158b21ec81c9d989845b64ba1ee337c27

SHA512
8351004d0bf86c5577940613cee26803d797b2375038726ce31827d66038664aaf74399d7d5e11c6487012942fb4f147b7021d6e887ac09c39f541991f594f9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsfCF7C.tmp\nsProcess.dll

Filesize
12KB

MD5
b6cd62358973125f52d756d6d3aee8b2

SHA1
7c9fcfa85a88c507517a659f778355b56cef921f

SHA256
44c14f1edfe7deef518264675e3e4edb6991d5ea0d50f0f6b18a819dc31bbcba

SHA512
a5b756e3e1a31ad7ad9026bc492de2ef8983385e7c920a2e3eea363df3c6d112cea2a0373cd9bd8be1fb3536ee9623c6844b3c7a92d8cf6ee050aeec7cee76bb

Download Submit
memory/696-72-0x0000000000560000-0x0000000000B15000-memory.dmp

Filesize
5.7MB

Download
memory/696-184-0x0000000000560000-0x0000000000B15000-memory.dmp

Filesize
5.7MB

Download