Analysis Overview
SHA256
ce7d6fdbe43eff57bb876aadb602875245e9ef0853a4cee990e90b56e46c8f70
Threat Level: Likely malicious
The file magiskForMEmu.zip was found to be: Likely malicious.
Malicious Activity Summary
Creates new service(s)
Downloads MZ/PE file
Checks computer location settings
Loads dropped DLL
Executes dropped EXE
Registers COM server for autorun
Enumerates connected drives
Drops file in Program Files directory
Launches sc.exe
Enumerates physical storage devices
Runs net.exe
Uses Volume Shadow Copy service COM API
Uses Volume Shadow Copy WMI provider
Suspicious use of WriteProcessMemory
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Uses Task Scheduler COM API
Suspicious behavior: LoadsDriver
Suspicious use of SetWindowsHookEx
Modifies registry class
Suspicious use of FindShellTrayWindow
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-05-29 15:20
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-29 15:20
Reported
2024-05-29 15:26
Platform
win10v2004-20240508-en
Max time kernel
219s
Max time network
299s
Command Line
Signatures
Creates new service(s)
Downloads MZ/PE file
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\7z914A32AC\nemu-downloader.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\MuMuInstaller_3.1.7.0_gw-overseas12_all_1712735105.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7z914A32AC\nemu-downloader.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7z914A32AC\ColaBoxChecker.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7z914A32AC\HyperVChecker.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7z914A32AC\HyperVChecker.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7z914A32AC\HyperVChecker.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7z914A32AC\MuMuDownloader.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| N/A | N/A | C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMSVC.exe | N/A |
Loads dropped DLL
Registers COM server for autorun
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32\InprocServer32 = "C:\\Windows\\system32\\oleaut32.dll" | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32\ThreadingModel = "Both" | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32\InprocServer32 = "C:\\Windows\\system32\\oleaut32.dll" | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32\ThreadingModel = "Both" | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32\InprocServer32 = "C:\\Windows\\system32\\oleaut32.dll" | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32\ = "C:\\Windows\\system32\\oleaut32.dll" | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32\InprocServer32 = "C:\\Windows\\system32\\oleaut32.dll" | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32\ = "C:\\Windows\\system32\\oleaut32.dll" | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\F: | C:\Users\Admin\AppData\Local\Temp\7z914A32AC\nemu-downloader.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\7z1602\Far\7-ZipEng.lng | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| File created | C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtTest\TestCase.qml | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| File created | C:\Program Files\MuMuVMMVbox\Hypervisor\tools\ucrtbase.dll | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| File created | C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\7z1602\Far\7-ZipFar.dll | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| File created | C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\Controls.2\Fusion\SliderGroove.qml | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| File created | C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\Controls.2\designer\CheckDelegateSpecifics.qml | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| File created | C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMVMMR0.r0 | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| File created | C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\Controls.2\Material\MenuItem.qml | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| File created | C:\Program Files\MuMuVMMVbox\Hypervisor\NetLwfUninstall.exe | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| File created | C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\pcre2-16.dll | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| File created | C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\Controls.2\Fusion\RoundButton.qml | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| File created | C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\Controls.2\designer\SwipeViewSpecifics.qml | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| File created | C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\resources\dist\message_center\src\css\message_main.92397a07.css | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| File created | C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\Controls.2\Material\Page.qml | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| File created | C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\Controls.2\Material\RadioButton.qml | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| File created | C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\Controls.2\Material\Slider.qml | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| File created | C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\Controls.2\designer\StackViewSpecifics.qml | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| File created | C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\Shapes\qmldir | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| File created | C:\Program Files\MuMuVMMVbox\Hypervisor\NetAdp6Uninstall.exe | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| File created | C:\Program Files\MuMuVMMVbox\Hypervisor\vaddress\0.0.63.0\VAddressDevice.dll | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| File opened for modification | C:\Program Files\Netease\MuMuPlayerGlobal-12.0\.backup | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| File created | C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\Controls.2\Material\RadioIndicator.qml | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| File created | C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\Controls.2\designer\images\radiobutton-icon.png | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| File created | C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick.2\qmldir | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| File created | C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\Controls.2\ToolBar.qml | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| File created | C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\Controls.2\Material\MenuSeparator.qml | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| File created | C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\Controls.2\designer\images\frame-icon.png | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| File created | C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\win7\mumuvmmvmmr0.cat | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| File created | C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQml\Models.2\qmldir | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| File created | C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\Controls.2\Imagine\Switch.qml | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| File created | C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\Controls.2\designer\DialSpecifics.qml | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| File created | C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\Controls.2\Material\VerticalHeaderView.qml | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| File created | C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\Controls.2\Universal\ComboBox.qml | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| File created | C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\Controls.2\Universal\ScrollBar.qml | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| File created | C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMProxyStubLegacy.dll | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| File created | C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\Controls.2\TabBar.qml | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| File created | C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\Controls.2\designer\images\tumbler-icon16.png | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| File created | C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\regsvr64.exe | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| File created | C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\MuMuPlayerCleaner.exe | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| File created | C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\Controls.2\designer\images\checkbox-icon16.png | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| File created | C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\resources\dist\message_center\src\js\message_main.74039464.js | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| File created | C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\api-ms-win-core-handle-l1-1-0.dll | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| File created | C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\api-ms-win-core-interlocked-l1-1-0.dll | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| File created | C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\vcruntime140_1.dll | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| File created | C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\LocalStorage\qmllocalstorageplugin.dll | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| File created | C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\resources\dist\message_center\src\js\lang-ru-json.8e3adfa1.js | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| File created | C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\vms\vms\120.1.60.003-nemux-overseas-x64-release\data.vdi | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| File created | C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\api-ms-win-crt-conio-l1-1-0.dll | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| File created | C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\Controls.2\Imagine\Popup.qml | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| File created | C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\Controls.2\Imagine\TextArea.qml | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| File created | C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMNetAdp6.cat | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| File created | C:\Program Files\MuMuVMMVbox\Hypervisor\VBoxEFI64.fd | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| File created | C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\Controls.2\Imagine\RadioButton.qml | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| File created | C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\Controls.2\designer\images\[email protected] | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| File created | C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\Controls.2\Fusion\ToolButton.qml | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| File created | C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\NetFltInstall.exe | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| File created | C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\crashpad_handler.exe | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| File created | C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\Controls.2\Material\SwitchDelegate.qml | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| File created | C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\plugins\iconengines\qsvgicon.dll | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| File created | C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\Controls.2\Fusion\MenuSeparator.qml | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| File created | C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\Controls.2\Universal\RadioDelegate.qml | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| File created | C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtMultimedia\Video.qml | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| File created | C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\Controls.2\Imagine\CheckBox.qml | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| File created | C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\Controls.2\designer\ScrollViewSpecifics.qml | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
Launches sc.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133614697005709378" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\SOFTWARE\Classes\CLSID | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\SOFTWARE\Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32\InprocServer32 = "C:\\Windows\\system32\\oleaut32.dll" | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\SOFTWARE\Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32\ = "C:\\Windows\\system32\\oleaut32.dll" | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\SOFTWARE\Classes\CLSID\{00020420-0000-0000-C000-000000000046} | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32\InprocServer32 = "C:\\Windows\\system32\\oleaut32.dll" | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\CLSID | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046} | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Software | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\SOFTWARE\Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\SOFTWARE\Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32\ThreadingModel = "Both" | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32\ThreadingModel = "Both" | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\WOW6432Node\CLSID | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32\InprocServer32 = "C:\\Windows\\system32\\oleaut32.dll" | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\CLSID | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32\ThreadingModel = "Both" | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\SOFTWARE\Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Software\Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\SOFTWARE\Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32\InprocServer32 = "C:\\Windows\\system32\\oleaut32.dll" | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\SOFTWARE\Classes | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046} | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Software\Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\SOFTWARE\Classes\CLSID\{00020424-0000-0000-C000-000000000046} | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\SOFTWARE\Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32\ = "C:\\Windows\\system32\\oleaut32.dll" | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32\InprocServer32 = "C:\\Windows\\system32\\oleaut32.dll" | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32\ = "C:\\Windows\\system32\\oleaut32.dll" | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32\InprocServer32 = "C:\\Windows\\system32\\oleaut32.dll" | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32\ = "C:\\Windows\\system32\\oleaut32.dll" | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\SOFTWARE\Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32\ThreadingModel = "Both" | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe | N/A |
Runs net.exe
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy WMI provider
Uses Volume Shadow Copy service COM API
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\run.sh
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa0410ab58,0x7ffa0410ab68,0x7ffa0410ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1684 --field-trial-handle=1888,i,15947658975833898052,6632032428101670892,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1888,i,15947658975833898052,6632032428101670892,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2208 --field-trial-handle=1888,i,15947658975833898052,6632032428101670892,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3084 --field-trial-handle=1888,i,15947658975833898052,6632032428101670892,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3108 --field-trial-handle=1888,i,15947658975833898052,6632032428101670892,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4220 --field-trial-handle=1888,i,15947658975833898052,6632032428101670892,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4420 --field-trial-handle=1888,i,15947658975833898052,6632032428101670892,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4456 --field-trial-handle=1888,i,15947658975833898052,6632032428101670892,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4728 --field-trial-handle=1888,i,15947658975833898052,6632032428101670892,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4264 --field-trial-handle=1888,i,15947658975833898052,6632032428101670892,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4712 --field-trial-handle=1888,i,15947658975833898052,6632032428101670892,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4792 --field-trial-handle=1888,i,15947658975833898052,6632032428101670892,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5012 --field-trial-handle=1888,i,15947658975833898052,6632032428101670892,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4804 --field-trial-handle=1888,i,15947658975833898052,6632032428101670892,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4480 --field-trial-handle=1888,i,15947658975833898052,6632032428101670892,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4956 --field-trial-handle=1888,i,15947658975833898052,6632032428101670892,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=1880 --field-trial-handle=1888,i,15947658975833898052,6632032428101670892,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3276 --field-trial-handle=1888,i,15947658975833898052,6632032428101670892,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3124 --field-trial-handle=1888,i,15947658975833898052,6632032428101670892,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3100 --field-trial-handle=1888,i,15947658975833898052,6632032428101670892,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4332 --field-trial-handle=1888,i,15947658975833898052,6632032428101670892,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=844 --field-trial-handle=1888,i,15947658975833898052,6632032428101670892,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2784 --field-trial-handle=1888,i,15947658975833898052,6632032428101670892,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5056 --field-trial-handle=1888,i,15947658975833898052,6632032428101670892,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5096 --field-trial-handle=1888,i,15947658975833898052,6632032428101670892,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5192 --field-trial-handle=1888,i,15947658975833898052,6632032428101670892,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5084 --field-trial-handle=1888,i,15947658975833898052,6632032428101670892,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5288 --field-trial-handle=1888,i,15947658975833898052,6632032428101670892,131072 /prefetch:8
C:\Users\Admin\Downloads\MuMuInstaller_3.1.7.0_gw-overseas12_all_1712735105.exe
"C:\Users\Admin\Downloads\MuMuInstaller_3.1.7.0_gw-overseas12_all_1712735105.exe"
C:\Users\Admin\AppData\Local\Temp\7z914A32AC\nemu-downloader.exe
C:\Users\Admin\AppData\Local\Temp\7z914A32AC\nemu-downloader.exe
C:\Users\Admin\AppData\Local\Temp\7z914A32AC\ColaBoxChecker.exe
"C:\Users\Admin\AppData\Local\Temp\7z914A32AC\ColaBoxChecker.exe" checker /baseboard
C:\Users\Admin\AppData\Local\Temp\7z914A32AC\HyperVChecker.exe
"C:\Users\Admin\AppData\Local\Temp\7z914A32AC\HyperVChecker.exe"
C:\Users\Admin\AppData\Local\Temp\7z914A32AC\HyperVChecker.exe
"C:\Users\Admin\AppData\Local\Temp\7z914A32AC\HyperVChecker.exe"
C:\Users\Admin\AppData\Local\Temp\7z914A32AC\HyperVChecker.exe
"C:\Users\Admin\AppData\Local\Temp\7z914A32AC\HyperVChecker.exe"
C:\Users\Admin\AppData\Local\Temp\7z914A32AC\MuMuDownloader.exe
"C:\Users\Admin\AppData\Local\Temp\7z914A32AC\MuMuDownloader.exe" --log="C:\Users\Admin\AppData\Local\Temp\nemu-downloader-aria.log" --log-level=notice --check-certificate=false --enable-rpc=true --rpc-listen-port=59912 --continue --max-concurrent-downloads=10 --max-connection-per-server=5 --async-dns=false --file-allocation=prealloc --enable-mmap=true --connect-timeout=5 --rpc-max-request-size=1024M --stop-with-process=4844
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5112 --field-trial-handle=1888,i,15947658975833898052,6632032428101670892,131072 /prefetch:2
C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
"C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe" /S /auto_start=false /fchannel=gw-overseas12 /D=C:\Program Files\Netease\MuMuPlayerGlobal-12.0
C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc.exe" query MuMuVMMDrv
C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMSVC.exe
"C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMSVC.exe" /UnregServer
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /u /s "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMC.dll"
C:\Windows\system32\regsvr32.exe
/u /s "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMC.dll"
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /u /s "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMProxyStub.dll"
C:\Windows\system32\regsvr32.exe
/u /s "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMProxyStub.dll"
C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMSVC.exe
"C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMSVC.exe" /RegServer
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMC.dll"
C:\Windows\system32\regsvr32.exe
/s "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMC.dll"
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMProxyStub.dll"
C:\Windows\system32\regsvr32.exe
/s "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMProxyStub.dll"
C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe
"C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe"
C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe
"C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe"
C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc.exe" query MuMuVMMDrv
C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPInstall.exe
"C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPInstall.exe"
C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc.exe" query MuMuVMMDrv
C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc.exe" create MuMuVMMDrv binPath= "C:\Program Files\MuMuVMMVbox\LoadedDrivers\MuMuVMMDrv.sys" type= kernel start= auto
C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc.exe" create MuMuVMMDrv binPath= "C:\Program Files\MuMuVMMVbox\LoadedDrivers\MuMuVMMDrv.sys" type= kernel start= auto
C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc.exe" query MuMuVMMDrv
C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc.exe" start MuMuVMMDrv
C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc.exe" start MuMuVMMDrv
C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc.exe" query MuMuVMMDrv
C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc.exe" query MuMuVMMDrv
C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc.exe" query MuMuVMMDrv
C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc.exe" query MuMuVMMDrv
C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc.exe" query MuMuVMMDrv
C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc.exe" query MuMuVMMDrv
C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe
"C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe"
C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe
"C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe"
C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc.exe" query MuMuVMMDrv
C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMSVC.exe
"C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMSVC.exe" /UnregServer
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /u /s "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMC.dll"
C:\Windows\system32\regsvr32.exe
/u /s "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMC.dll"
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /u /s "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMProxyStub.dll"
C:\Windows\system32\regsvr32.exe
/u /s "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMProxyStub.dll"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c "comregister.cmd -u"
C:\Windows\SysWOW64\net.exe
NET FILE
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 FILE
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c cd
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c cd
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ver
C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMSVC.exe
"C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMSVC.exe" /UnregServer
C:\Windows\SysWOW64\regsvr32.exe
C:\Windows\system32\regsvr32 /s /u "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMC.dll"
C:\Windows\system32\regsvr32.exe
/s /u "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMC.dll"
C:\Windows\SysWOW64\regsvr32.exe
C:\Windows\syswow64\regsvr32 /s /u "C:\Program Files\MuMuVMMVbox\Hypervisor\x86\MuMuVMMClient-x86.dll"
C:\Windows\SysWOW64\regsvr32.exe
C:\Windows\system32\regsvr32 /s /u "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMProxyStub.dll"
C:\Windows\system32\regsvr32.exe
/s /u "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMProxyStub.dll"
C:\Windows\SysWOW64\regsvr32.exe
C:\Windows\syswow64\regsvr32 /s /u "C:\Program Files\MuMuVMMVbox\Hypervisor\x86\MuMuVMMProxyStub-x86.dll"
C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe
"C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe"
C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe
"C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe"
C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc.exe" query MuMuVMMDrv
C:\Users\Admin\AppData\Local\Temp\7z914A32AC\7z.exe
"C:\Users\Admin\AppData\Local\Temp\7z914A32AC\7z.exe" a -tzip "C:\Users\Admin\AppData\Local\Temp\nemux.zip" "C:\Users\Admin\AppData\Local\Temp\nemux"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=1616 --field-trial-handle=1888,i,15947658975833898052,6632032428101670892,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=4332 --field-trial-handle=1888,i,15947658975833898052,6632032428101670892,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=5812 --field-trial-handle=1888,i,15947658975833898052,6632032428101670892,131072 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.129:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 4.181.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| NL | 23.62.61.129:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 172.217.169.46:443 | play.google.com | udp |
| GB | 172.217.169.46:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 142.250.187.238:443 | clients2.google.com | udp |
| GB | 142.250.187.238:443 | clients2.google.com | tcp |
| US | 8.8.8.8:53 | 46.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| GB | 216.58.212.214:443 | i.ytimg.com | tcp |
| GB | 216.58.212.214:443 | i.ytimg.com | tcp |
| GB | 216.58.212.214:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 142.250.200.14:443 | www.youtube.com | tcp |
| GB | 216.58.212.214:443 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | 214.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| GB | 142.250.179.226:443 | googleads.g.doubleclick.net | tcp |
| GB | 216.58.213.6:443 | static.doubleclick.net | tcp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| GB | 142.250.187.202:443 | jnn-pa.googleapis.com | tcp |
| GB | 142.250.179.226:443 | googleads.g.doubleclick.net | udp |
| GB | 142.250.187.202:443 | jnn-pa.googleapis.com | udp |
| GB | 172.217.169.46:443 | play.google.com | udp |
| GB | 172.217.169.46:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | 6.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.mumuglobal.com | udp |
| NL | 104.97.14.51:443 | www.mumuglobal.com | tcp |
| NL | 104.97.14.51:443 | www.mumuglobal.com | tcp |
| US | 8.8.8.8:53 | www.mumuplayer.com | udp |
| NL | 104.97.14.42:443 | www.mumuplayer.com | tcp |
| NL | 104.97.14.42:443 | www.mumuplayer.com | tcp |
| US | 8.8.8.8:53 | 51.14.97.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nie.res.netease.com | udp |
| US | 8.8.8.8:53 | ps.res.netease.com | udp |
| US | 163.181.154.235:443 | ps.res.netease.com | tcp |
| US | 163.181.154.236:443 | ps.res.netease.com | tcp |
| US | 8.8.8.8:53 | 42.14.97.104.in-addr.arpa | udp |
| NL | 104.97.14.51:443 | www.mumuplayer.com | tcp |
| US | 8.8.8.8:53 | r.res.easebar.com | udp |
| BE | 2.17.107.235:443 | r.res.easebar.com | tcp |
| BE | 2.17.107.235:443 | r.res.easebar.com | tcp |
| BE | 2.17.107.235:443 | r.res.easebar.com | tcp |
| BE | 2.17.107.235:443 | r.res.easebar.com | tcp |
| BE | 2.17.107.235:443 | r.res.easebar.com | tcp |
| BE | 2.17.107.235:443 | r.res.easebar.com | tcp |
| NL | 104.97.14.51:443 | www.mumuplayer.com | tcp |
| NL | 104.97.14.51:443 | www.mumuplayer.com | tcp |
| US | 8.8.8.8:53 | mc.yandex.ru | udp |
| NL | 104.97.14.51:443 | www.mumuplayer.com | tcp |
| RU | 87.250.250.119:443 | mc.yandex.ru | tcp |
| US | 8.8.8.8:53 | 235.154.181.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 236.154.181.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 235.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.250.250.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | mc.yandex.com | udp |
| US | 8.8.8.8:53 | comm.res.easebar.com | udp |
| BE | 2.17.107.136:443 | comm.res.easebar.com | tcp |
| NL | 104.97.14.42:443 | www.mumuplayer.com | tcp |
| US | 8.8.8.8:53 | store-api-oversea.webapp.easebar.com | udp |
| US | 8.8.8.8:53 | sixhorse.game.163.com | udp |
| CN | 45.253.144.31:443 | sixhorse.game.163.com | tcp |
| US | 52.223.38.145:443 | store-api-oversea.webapp.easebar.com | tcp |
| US | 52.223.38.145:443 | store-api-oversea.webapp.easebar.com | tcp |
| CN | 45.253.144.31:443 | sixhorse.game.163.com | tcp |
| US | 8.8.8.8:53 | 136.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.38.223.52.in-addr.arpa | udp |
| CN | 45.253.144.31:443 | sixhorse.game.163.com | tcp |
| US | 8.8.8.8:53 | mumu-global.fp.ps.easebar.com | udp |
| GB | 23.62.198.73:443 | mumu-global.fp.ps.easebar.com | tcp |
| GB | 23.62.198.73:443 | mumu-global.fp.ps.easebar.com | tcp |
| GB | 23.62.198.73:443 | mumu-global.fp.ps.easebar.com | tcp |
| GB | 23.62.198.73:443 | mumu-global.fp.ps.easebar.com | tcp |
| GB | 23.62.198.73:443 | mumu-global.fp.ps.easebar.com | tcp |
| GB | 23.62.198.73:443 | mumu-global.fp.ps.easebar.com | tcp |
| US | 8.8.8.8:53 | www.clarity.ms | udp |
| CN | 45.253.144.31:443 | sixhorse.game.163.com | tcp |
| CN | 45.253.144.31:443 | sixhorse.game.163.com | tcp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| US | 13.107.253.64:443 | www.clarity.ms | tcp |
| US | 8.8.8.8:53 | bee.tc.easebar.com | udp |
| US | 8.8.8.8:53 | 73.198.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.253.107.13.in-addr.arpa | udp |
| JP | 54.168.107.115:443 | bee.tc.easebar.com | tcp |
| JP | 54.168.107.115:443 | bee.tc.easebar.com | tcp |
| US | 8.8.8.8:53 | x.clarity.ms | udp |
| US | 20.114.190.119:443 | x.clarity.ms | tcp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 115.107.168.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.190.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | adl.netease.com | udp |
| CN | 42.186.29.11:80 | adl.netease.com | tcp |
| CN | 42.186.29.11:80 | adl.netease.com | tcp |
| CN | 42.186.29.11:80 | adl.netease.com | tcp |
| US | 8.8.8.8:53 | timejs.game.easebar.com | udp |
| US | 75.2.121.189:443 | timejs.game.easebar.com | tcp |
| US | 8.8.8.8:53 | 189.121.2.75.in-addr.arpa | udp |
| US | 8.8.8.8:53 | c.clarity.ms | udp |
| IE | 68.219.88.97:443 | c.clarity.ms | tcp |
| US | 8.8.8.8:53 | c.bing.com | udp |
| US | 204.79.197.237:443 | c.bing.com | tcp |
| US | 8.8.8.8:53 | 97.88.219.68.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.126.19.2.in-addr.arpa | udp |
| US | 20.114.190.119:443 | x.clarity.ms | tcp |
| CN | 45.253.118.176:80 | adl.netease.com | tcp |
| CN | 45.253.118.176:80 | adl.netease.com | tcp |
| CN | 45.253.118.176:80 | adl.netease.com | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 20.114.190.119:443 | x.clarity.ms | tcp |
| US | 8.8.8.8:53 | adl.easebar.com | udp |
| IE | 54.195.199.229:443 | adl.easebar.com | tcp |
| IE | 54.195.199.229:443 | adl.easebar.com | tcp |
| US | 8.8.8.8:53 | a11.gdl.netease.com | udp |
| NL | 104.109.143.20:443 | a11.gdl.netease.com | tcp |
| US | 8.8.8.8:53 | 229.199.195.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.143.109.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 192.178.49.195:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | beacons2.gvt2.com | udp |
| US | 172.217.3.67:443 | beacons2.gvt2.com | tcp |
| US | 20.114.190.119:443 | x.clarity.ms | tcp |
| US | 172.217.3.67:443 | beacons2.gvt2.com | udp |
| US | 8.8.8.8:53 | 195.49.178.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.3.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 142.250.178.14:443 | google.com | tcp |
| US | 8.8.8.8:53 | 14.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.mumuglobal.com | udp |
| JP | 3.112.156.138:443 | api.mumuglobal.com | tcp |
| JP | 3.112.156.138:443 | api.mumuglobal.com | tcp |
| US | 8.8.8.8:53 | 138.156.112.3.in-addr.arpa | udp |
| US | 20.114.190.119:443 | x.clarity.ms | tcp |
| US | 8.8.8.8:53 | dns.update.easebar.com | udp |
| BE | 104.68.95.105:443 | dns.update.easebar.com | tcp |
| US | 8.8.8.8:53 | 105.95.68.104.in-addr.arpa | udp |
| US | 76.223.88.1:80 | 76.223.88.1 | tcp |
| US | 8.8.8.8:53 | 1.88.223.76.in-addr.arpa | udp |
| US | 76.223.88.1:80 | 76.223.88.1 | tcp |
| N/A | 127.0.0.1:59912 | tcp | |
| US | 8.8.8.8:53 | a11.gdl.netease.com | udp |
| US | 2.17.251.12:80 | a11.gdl.netease.com | tcp |
| US | 8.8.8.8:53 | 12.251.17.2.in-addr.arpa | udp |
| US | 192.178.49.195:443 | beacons.gcp.gvt2.com | udp |
| US | 2.17.251.12:80 | a11.gdl.netease.com | tcp |
| US | 2.17.251.12:80 | a11.gdl.netease.com | tcp |
| US | 2.17.251.12:80 | a11.gdl.netease.com | tcp |
| US | 2.17.251.12:80 | a11.gdl.netease.com | tcp |
| US | 20.114.190.119:443 | x.clarity.ms | tcp |
| US | 2.17.251.12:80 | a11.gdl.netease.com | tcp |
| US | 8.8.8.8:53 | x.clarity.ms | udp |
| US | 20.114.190.119:443 | x.clarity.ms | tcp |
| US | 2.17.251.12:80 | a11.gdl.netease.com | tcp |
| US | 8.8.8.8:53 | api.mumuglobal.com | udp |
| JP | 3.112.156.138:443 | api.mumuglobal.com | tcp |
| JP | 3.112.156.138:443 | api.mumuglobal.com | tcp |
| US | 8.8.8.8:53 | x.clarity.ms | udp |
| US | 20.114.190.119:443 | x.clarity.ms | tcp |
| US | 192.178.49.195:443 | beacons.gcp.gvt2.com | udp |
| GB | 142.250.178.14:443 | google.com | udp |
| US | 20.114.190.119:443 | x.clarity.ms | tcp |
| CN | 42.186.29.11:80 | adl.netease.com | tcp |
| CN | 42.186.29.11:80 | adl.netease.com | tcp |
| CN | 42.186.29.11:80 | adl.netease.com | tcp |
| US | 192.178.49.195:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | x.clarity.ms | udp |
| US | 20.114.190.119:443 | x.clarity.ms | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 75.2.121.189:443 | timejs.game.easebar.com | tcp |
| US | 8.8.8.8:53 | bee.tc.easebar.com | udp |
| US | 75.2.121.189:443 | timejs.game.easebar.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| JP | 54.168.107.115:443 | bee.tc.easebar.com | tcp |
| JP | 54.168.107.115:443 | bee.tc.easebar.com | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 172.217.169.46:443 | play.google.com | udp |
| GB | 142.250.200.14:443 | www.youtube.com | udp |
| GB | 216.58.212.214:443 | i.ytimg.com | udp |
| GB | 142.250.179.226:443 | googleads.g.doubleclick.net | udp |
| GB | 142.250.187.202:443 | content-autofill.googleapis.com | udp |
| CN | 45.253.118.176:80 | adl.netease.com | tcp |
| CN | 45.253.118.176:80 | adl.netease.com | tcp |
| CN | 45.253.118.176:80 | adl.netease.com | tcp |
Files
\??\pipe\crashpad_4568_RCTQOGXRYFNDUCOC
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | b8918012239115410027b5fdc048d474 |
| SHA1 | 75e78529b0cd55be2c36e61301f933003939925f |
| SHA256 | c8696fb3b073fbd236444ea0684c5aae98f905c917d4501e680f6f844e110435 |
| SHA512 | e4fc0a51e831ccef3904cecdbc5356fd6353c7872aadef9f000c09a5591fa9f001348d18c9e68b5dbc96593081be1a35171f829fb3507e756ebfac24ca82d741 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 20b9940cd39753f546a925177e2edce6 |
| SHA1 | 2300c3a03a81ed309b2bfc9334b995380ab62de6 |
| SHA256 | 408125eea3db025420fc65bfff192bbad4e48ae044084d3f590beb081b26bcd2 |
| SHA512 | 9d5f34b20c4cbf188181560593dbfff36deb1cd7e0f22217500ed9d257e28e0ea2ad45161655c946dbb9c1a14343cb7659e828a2dfaac8c34d890d70486af036 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | a4e9bfcfa1985d4f959db442dcc426fa |
| SHA1 | 687c123f18b1051539c06bd9a5116ebb4e15e033 |
| SHA256 | a6ce1a1e99613c0a843ac47082ee46b44b09f78d8696a4e2dd09cc1133c0cb41 |
| SHA512 | 75f4a174f518d21abdc6f43b748750c70132c9193e3bf979689faece8cb0975a64cf7dbd3bbc3333cabaf13b594d378c0a457d4d5b679389a896e4bb59955cd9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 690376ad231ecbe6e65880af0c405d0d |
| SHA1 | dbe6a6fa23e972e3ca484c14d7b45a1c5f3edcda |
| SHA256 | 801e2a47d81e0941ad2aaaca550ce726b884385cd17985eaf50097bf5dc872a9 |
| SHA512 | 8ca5b16a57fee63778879830fe41586311041edb2ac049bd71e0f8b8c5b77ca45ab87f909630bdb379fff2d4288d0ca85fbd2149e7d7781aeefaa17ce98b0ffd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | cd53f0a8034000d260b7b3a733fdf80c |
| SHA1 | 84bfdf2a640d4b4d02c232cddc48f65b56c67990 |
| SHA256 | a65fe64656260eeb6380a7a712a00f51797fccd7e0338dd85977ea8f5838bd67 |
| SHA512 | 205bd3839af04bea3a0a253e66d666eaa27b928be8cea15a5a195940fc8a2306dd0532bca82c74659b476607cf9e660285603c9f6895bfba77710afcbd53f29b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe580143.TMP
| MD5 | b327a1eb2fd5f8de7e928a007179e0bb |
| SHA1 | 91a2f590d35412c111ca9570d3b873c3fbac1f1e |
| SHA256 | 5ecd7790c5c858b71e52737c005f599d06ba13e4b05904fc39d5844344e2523e |
| SHA512 | d0c9ffd50d71cbdfb01a1da6de4fb1f8f750ceebeeeb9420603282e778435690a9c099fecfa31ffd8b272111534e07c2f13ae281014dbe790dd2bb6c998145fb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 5de58fe2a868915a1525c728c5838c91 |
| SHA1 | fe70dc8043b143e8034ced16d9c3ad90f4d0566a |
| SHA256 | 2e325f903bc6cbd499f72a6174eb8692a939e5e0a211d80af98d805a93d663f7 |
| SHA512 | df52d67d16e63fb15bb36e318141aea37c7760c840930615e07e58f7ede726ce120e379c9889f98d085110f56ffd537f415ea6369002fb13121de057783a392e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | ae1bccd6831ebfe5ad03b482ee266e4f |
| SHA1 | 01f4179f48f1af383b275d7ee338dd160b6f558a |
| SHA256 | 1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649 |
| SHA512 | baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe58049f.TMP
| MD5 | 6581f44b06095a1900992cbda2487d19 |
| SHA1 | 964f237f80f827e8c40813c542602fc588e3c0e5 |
| SHA256 | 2d47fdbdd5ff089ba4327df74947cc01bc9c96e22c34bf6e2d65a576639fb4be |
| SHA512 | 98561344231871725c5d6fd2eecf384cafb19598a73df4861f32c7cb5127aebf8827c5fea52206f6a2e71890a84c0e51e0284e3adeec5b80b9650dedb121561a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 81159729ab3da9b4f3f28d9d7250c8bf |
| SHA1 | dadd39290f8eeb81e58d979bcd26ad15b139566a |
| SHA256 | 55426086aa85ae72ec793a6a220ad1a016d7dafe0c63523ddf5ceba5b9721d26 |
| SHA512 | afe74aaf307aef6349e5a9dd2b4e91e884da42fb1faa42eb0670b7c6be1bff9b96deab578030bd0e068dd67a9b19fdc5ec9180ff3ed8f83019fce64c9e981b5a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | cbd57dcddab25e8bd67717337553c36c |
| SHA1 | ab35c3e3fc31ea828cc423a05e51a9668618012d |
| SHA256 | a732718297dc24954438c95b37b4d513a50075badabc000b3d9a679cde857acf |
| SHA512 | 9c16010629d20ca574d31f686aa982030d650de22c19c6b872c2fcf150db3ae7f54904b7434ce7139e50351aaaaca63b624b4b9e4a978ba4cdc6ae9e06e799f8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | a7f62cec9bb6876fb63f8f904edc91bf |
| SHA1 | d0934f9a4afc37fba63dbc659fe46fe66019f269 |
| SHA256 | 4b086b43da3bfa9e5aa90b3bb3074a7c32d1f507055b334f3d7d4563cecb98ea |
| SHA512 | 0c6d006c6c9a47d36637670e720dddcd936858602f8d72171fba1c219b3291659f09fa17befa76d7808efa002d468659f7726629d9b89340e3e0e7e4d6a7c0a3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | e4a9d9485ab69d9e1c69644390b1fb32 |
| SHA1 | 22a3217fbbb8325e2aa001fe7c5732dcc269bd99 |
| SHA256 | 118b60da34e48ade1cd2eda643c4032c774dd7977b50856f3bfe870b5ed1b529 |
| SHA512 | 8126c1b329b3c7d7bf6d06fb6d2a03dbfd6bebbbcf6056e7635e9cbeac59aeb2b5d17fd1cd6eb5f311b01977759be42b72d8cfcbca3c1fe1c1b1c2c8e98ece0a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 4042eba5ce087950f6e6f1b3f6e3cd50 |
| SHA1 | ee16a9383cfc8005a801f78835d35af6cfcb8537 |
| SHA256 | 03e90b8dbf93e67aead358b563ebcc137e04b5fec6e6cd6fb57cc80e1919448e |
| SHA512 | 4511ea396d060790fcc535fa5f3652cd2dcec3ba67ec65be134fcaca44e49a4208360ea4baec7c5817bbc5a961cc2a5a18d751297f7a4605fcddfb98faf0901d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | e90577ced429d9d6cc5cd97b1b6d7e43 |
| SHA1 | 12af7c7af14268baf9cf5d15c99be29b0e7a7e7b |
| SHA256 | 7e7d5e4c04a4bc748e57f1de83108bea4f4249d99ece0d0f2213dfd505f19a21 |
| SHA512 | 46e50e1ea0c2416170d2f8535724131953dd33e9deb600e009bb6870e3baa07a37fd58f9bdd48319f0932f16235fd87a8b6b91b935965e4e08f5690322dd0f0e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | db663fa56f729771705a9be2ab9ba399 |
| SHA1 | ebd12971a6cddbb8cc4b0dfe7457516a463e1648 |
| SHA256 | 870ce3c4728f6c0160f52f064d28257d499a9fe956fa7928789992a78f35ca8f |
| SHA512 | 39213a2562f478ad35ec54435716ac47d493e0a4b4e0e42acefe4256942706f16ab5c6eb0ec458046e1fc54fc89e8882c758abf148cce352e54fcdb332cda626 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 04641249cb01e8c83f8410346e41086d |
| SHA1 | 281d68f22b0ab44f5f8ea21d25e748fef5c190f2 |
| SHA256 | 48ceb67fad39d2d5bd1b35c7311ccb73b256ca6a24badc80f088313db36eb36f |
| SHA512 | b65cd975ed5056c8b435e6835d1efc0a09e09be9699d2dfe0f697b8a059b6ddcea936d44ffb515ec8ba5656ff7129cc9a5714c81f1158601d5c16079ec2d9b3f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 881fbc12fa923b604998e7815c92a4a6 |
| SHA1 | 963174c07fa956ef156821808714b4ea07974b1a |
| SHA256 | 1d7b94ecd8aadede0963481cc757677c7fe6a44d2fd3d3d98f25ef4448ff793d |
| SHA512 | cf543113fc28e26093d037895851049506b26c4bd86eb298b2f49385659931f0d5d02bf4765e0ac25a78b14343466df05ec7fbf87eadf4142194e996eec4ebce |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | ae5bed7767fd4252875b2b31f828c0f7 |
| SHA1 | 2751f308b314c863599451aa8fb4eb32b669624d |
| SHA256 | 0f1d2601fa28a5e6d9a0f3e2189cef9e257835b2e1918a899abf012c6e329f4b |
| SHA512 | ee8321df120b03e3adf6afd4a5a1fb1bff726306eb5c6f24602905765088ac08a880ac171328d863c6c5c93be669af5189a199b96a38585c980319882d74a502 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | a37f589ff8d0d9a760a2d6a8b1ca8f98 |
| SHA1 | 28bc59c4ae28cd7fa83c0a9300b4d6ee1748719a |
| SHA256 | 8951e26077295dd646b1419ab34dcd799f94bd48d0057da88b4a11d7247e5f76 |
| SHA512 | 26d77266397d78db0391b2915299cd9c3efcbcf1ec2019dc6672df169bdd8e86dc45f2e833ed9dac966357cfaf596fae48d8e4ffcc7060f3561587ae886e1eb2 |
C:\Users\Admin\Downloads\MuMuInstaller_3.1.7.0_gw-overseas12_all_1712735105.exe
| MD5 | fbd9ad001bb2719f574c0705c5de05fb |
| SHA1 | d07e77a490ad677935ac8213b88237e94440e791 |
| SHA256 | f0031f9d7f25d4d29581879f62565a5a565995899adc60213f9e218147c78593 |
| SHA512 | 5724e3f858ae7ea92ba4ce325f3f8f4b90ecc6d7c19476e2888c4b09f0913463191b977f71314300918cceb0a6ae0b80e29d3c70891e8aeb9314da233a929e96 |
C:\Users\Admin\AppData\Local\Temp\7z914A32AC\nemu-downloader.exe
| MD5 | cdf8047ceae80d9cd9eb798a57bf6084 |
| SHA1 | 8e7971401fada3099aed61849745fda37e1c0d32 |
| SHA256 | 1f01a9abac64fae72e0a253ad9ffe2d62cd2967c1c2bc90fb956ac446fe2b11e |
| SHA512 | ac366f38f39b935110192d1355147392ced5a21966cc22386804356dce24b2da7971a6a60d675689f93d74014d961bfb3b0c13cf06809b9f9feef580045e20dc |
C:\Users\Admin\AppData\Local\Temp\7z914A32AC\config.ini
| MD5 | d00fb4c61a255b58ff09886c6c72461b |
| SHA1 | 4e4f7d7ae36f67a4d6fc8479f8400b3eb769e978 |
| SHA256 | 77dec4d79e1e844a2156f101defc0fc81c138a989e8ba1c722c58feb91b3cd4a |
| SHA512 | 8494ab9fe0594f3ff7b0893ca3e25d6d0a706e546e92c5b662aa864affcefe5f9721a6a95f37f40cdacf39d27a23e2b3cd5dbca4d7b8909cd7c186209d4b46db |
C:\Users\Admin\AppData\Local\Temp\7z914A32AC\skin.zip
| MD5 | ecb43530caf9566c1b76d5af8d2097f1 |
| SHA1 | 34562ada66cd1501fcb7411a1e1d86729fd7fdc0 |
| SHA256 | a12381f97aee2d91568f44b23e866ccc99f0ae5e5961f318ed24b72f4f5da80a |
| SHA512 | 4a243c0bc4dbaf892bee91ea7eff9e6a7732d3aa2df5bebd9a4bea2859a30a8511945ce3bb823f7ef921f2e1a98906fb676fce85f25fd5908646b3a2f5d02563 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 98c4b2c877f3a6177926aefe0329cae0 |
| SHA1 | 8a05f97d08fb9a57d9edbbf87ba5d29c36c0deed |
| SHA256 | d97deae26ded051a5edff92777005074a0eef049071d0af5df66550fc77613ae |
| SHA512 | 88616d5d929f8ea352a6b875ac05bd4794c8b53bb21e0369b842afe7503a76dd049839fe4ee34cfea1c0be8f3c94293725153eab06c59d4553d459614218b4dd |
C:\Users\Admin\AppData\Local\Temp\7z914A32AC\ColaBoxChecker.exe
| MD5 | 839708e3f96cf055436fa08d6205263c |
| SHA1 | a4579f8cb6b80fe3fd50099794f63eb51be3292f |
| SHA256 | 1373c5d006a5dbcd9b86cfff9a37616f1245d1333c4adcefc7cd18926b98d752 |
| SHA512 | ece67e031e06a0442d935e7d81d0eed57ae92b348b5d104423577478ce226e4a4bde834c54e31d33bfe6f574fb7798ba96886d9e8edb738edee6e7c9c43054cd |
C:\Users\Admin\AppData\Local\Temp\7z914A32AC\baseboard
| MD5 | 3627177e5060ba7ab92c127d1ced3b0b |
| SHA1 | f41b40b65c3a1a9193346974f860e7b09cbb8396 |
| SHA256 | 87801af354e1644b3cf39842a0593b1679d745d3c1e1a199893d4b9f5fe5635e |
| SHA512 | 38d677c326b10ec3bb7ed6b79e62e3f439748710c0cead3c2d4464d6bd9105ec663eee38d5c8db1f934374ed6855e67728b878826481043729d8158e42d0fb6b |
C:\Users\Admin\AppData\Local\Temp\7z914A32AC\HyperVChecker.exe
| MD5 | dbd84c6083e4badf4741d95ba3c9b5f8 |
| SHA1 | 4a555adf8e0459bfd1145d9bd8d91b3fff94aad0 |
| SHA256 | 9ff467bc5a1c377102d25da9fa9c24dcc4375f456510f71584f0714fdfb2af39 |
| SHA512 | fb5fe74f64254609e07d6642acf904562bb905cd7c14c6f85ba31bcdbaf06686c0586609ec4f5d2f8f55ff90334dcbb774a3a6e78df74bf1b1d0cd03dec21870 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 124469a80799879923bf0fce476dda22 |
| SHA1 | 10b9c0e6b53db20837792eae2a6c921d310fab87 |
| SHA256 | f8aae726ebe4649e47fb4195794adf4c72438fd0cc6acd82db2d2f12fb692722 |
| SHA512 | 00d63322babe1adac2ddb929a94b9f121028584231c95c5c6f417856f6f5ecfd2ced592536a637e70c6fa03a35a02730efdd25b6c642d1d89595e6254fa0fc9e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 252dd9288c7d0fe12e33d0cc54ee1be6 |
| SHA1 | 841c9cf7d218d749cf01674ced5bfb2eb91ea873 |
| SHA256 | 4de1589f153ce55bda5dd919dd7dbb4e0500ba8fa596694cf862a871e22ab101 |
| SHA512 | 95346c64278fe3bfdd82d9e6680fe540e3197660d9c5051a34317bedd427b5d7909175d743f5f2253363a101e44b81ea14d77779e989692937e7a1f0e5ba898f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 9f5c2f4200755392f4ee503175b934d8 |
| SHA1 | 5a40ef61747090de9292afaa1b58e55b40600b53 |
| SHA256 | 2c7b451cca9ccb62b08e2d19573caff29e15584ce014a55c3441b746e3d8a86a |
| SHA512 | 4a04ba2801860e21ac075ee62e034bf343c5976a231a84d7379a950c609c273fc779ece15cc2e60df6f54c6ea57c12f5f97aa476ee6e3675d56a0bdb5faacbe5 |
C:\Users\Admin\AppData\Local\Temp\7z914A32AC\MuMuDownloader.exe
| MD5 | 2f3d77b4f587f956e9987598b0a218eb |
| SHA1 | c067432f3282438b367a10f6b0bc0466319e34e9 |
| SHA256 | 2f980c56d81f42ba47dc871a04406976dc490ded522131ce9a2e35c40ca8616e |
| SHA512 | a63afc6d708e3b974f147a2d27d90689d8743acd53d60ad0f81a3ab54dfa851d73bcb869d1e476035abc5e234479812730285c0826a2c3da62f39715e315f221 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 1817ab3ef833c2a500a72dfef74228d4 |
| SHA1 | 85c54526d7485a11ba06509e6de0d5c35d3283d5 |
| SHA256 | 485c7ce6bfec69bb8ec1a519328d32fe61604b96bcf410a0c743ec5be7d124e2 |
| SHA512 | 241a79f7d529ec834ca385dd143f98e4b36e790b46b66790764cb6d6e91d98d9e5ad3d5067d8bf7a4ed91412863c05ca6a58d53b66d1db5d03a3a68fdd1ccc9f |
memory/3608-534-0x0000000000620000-0x0000000000BD5000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 6d1904e4cbe179adea1e19bc03531f02 |
| SHA1 | 65ac8cf0a6316b1db327756291f82b3cae90d6e7 |
| SHA256 | 76efc949f400da0097cbfda495c1b9aced211ca5612e896860a05a1cda3a4563 |
| SHA512 | 9ae7c461065a41cedb31c61d7b8796f7cf6841c7d488cd50dba40f8ac340e2e4bfa43d1c55492af0b5f53e7a24771d1c9d9cbba62ec4ab1c0575841b3e0f8923 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | ad5ba44aab5a511e5571ca730fdb49c4 |
| SHA1 | c10a71600123f0c9d5971aa76bfe20fe4730dcc7 |
| SHA256 | fc038186a7ece53e399075874844fbc31c89a183fb45f19ce36acc7e6852cd38 |
| SHA512 | ef5739dad3086ed10f32ae9e57bd2697b19334191c628d0f774a2c4c2ff1b1d38b48a64f211f54e7f05b10a4bb11fd9974fdc22a7b86c7e9c27cf7996aacd289 |
memory/3608-564-0x0000000000620000-0x0000000000BD5000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\nso49CD.tmp\LogEx.dll
| MD5 | 6eba32325d2db645c958c551f0aa2e31 |
| SHA1 | b116cc9ff0369af681ebf805a1a3befedd9ab868 |
| SHA256 | cf7b45a69a13551db95dcdefc8bfdd4128e1c1db67198347b43469b69c36b844 |
| SHA512 | 6c48038341bb16ce50b01c99f8ebfc919adfce61008d9718c06d55e92e54625ed2ab6ac850592e847bca61d7d57809dd531afeea4f0fb0c8310cfe1710f37927 |
C:\Users\Admin\AppData\Local\Temp\nso49CD.tmp\System.dll
| MD5 | 283555de06751c261b66243bbb1558da |
| SHA1 | 4532ed4e255ad0163494a02081b45e893ad666f9 |
| SHA256 | b6298637fea88a44e4de3f6b7fe254fb73857c08f1dcd8bd1af6f9eb5e6e7e3c |
| SHA512 | 469dbb4b7cc0d4f59d903415fbb7ea6417323f0daa2aeb2945a9744668f3d9fa95eb34a9d64a647835b563c74c3484c6d4b823a75119599aa5f975dbe471d3ab |
C:\Users\Admin\AppData\Local\Temp\nso49CD.tmp\UAC.dll
| MD5 | b7e1d609915cf0b3f9dfee488a92fc91 |
| SHA1 | d9c873b39e3cac648742568378fe788b2cae6e84 |
| SHA256 | fa3bb333f615689691ff98527dc3341e3b8ffee4bf97c6128820bf0d303930e7 |
| SHA512 | ae4a00659f522996600bd0754b2f2706e297939ea616ada66e590409c6c2f28ed7ed39b67a078ae72e9b472a97291c7f3da42339051ef1a3d1941b0368b2e775 |
C:\Users\Admin\AppData\Local\Temp\nso49CD.tmp\UserInfo.dll
| MD5 | cb310d97bd72a6ae8fc6e44c88ef9e8c |
| SHA1 | ed935c8f17340fecb7021dddd9dc7de0e23bf487 |
| SHA256 | d6fae2e57c84b25b73fe942fb7ba725158b21ec81c9d989845b64ba1ee337c27 |
| SHA512 | 8351004d0bf86c5577940613cee26803d797b2375038726ce31827d66038664aaf74399d7d5e11c6487012942fb4f147b7021d6e887ac09c39f541991f594f9f |
C:\Users\Admin\AppData\Local\Temp\nso49CD.tmp\AccessControl.dll
| MD5 | bb0f26c7a18434ee1d648c7e6743d1fe |
| SHA1 | f7503b348aa7c7691668fbb64ccd541e247f87e5 |
| SHA256 | 1b4d25f2f544f520c20493ee1e9ac7b3043aab88e4ff87953390d357de4c2096 |
| SHA512 | 4311e960a4f8f441b25c5ec9a82d64112016ff9c4510dfb082a0c1bcce2d03cb2871912dcaafc5d00f07ed9ac4d6d7998cdcea2bfc84f7180b2f62a2cf24e08d |
C:\Users\Admin\AppData\Local\Temp\nso49CD.tmp\nsProcess.dll
| MD5 | b6cd62358973125f52d756d6d3aee8b2 |
| SHA1 | 7c9fcfa85a88c507517a659f778355b56cef921f |
| SHA256 | 44c14f1edfe7deef518264675e3e4edb6991d5ea0d50f0f6b18a819dc31bbcba |
| SHA512 | a5b756e3e1a31ad7ad9026bc492de2ef8983385e7c920a2e3eea363df3c6d112cea2a0373cd9bd8be1fb3536ee9623c6844b3c7a92d8cf6ee050aeec7cee76bb |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\comregister.cmd
| MD5 | 4c0c8a2aee978f63ff9c9bb91eaa98ef |
| SHA1 | 784043ee7acbedfa92ede9c6aface266e6ab0606 |
| SHA256 | dcddc8c892e73bdb7e3a05d3d7e5ff8cf193ec1e27497a3c0bf5641dc542ccbc |
| SHA512 | cb22df98ec3e32d315e19bb139e08354c30fd64bb7ae11fd86633c042e9128dea0be1af275a9438f90114d1013d6e662327c3add7ef60797aacfd0e22c83bc62 |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMDD.dll
| MD5 | 7d2a12509733e35ad5852e97d34e2f98 |
| SHA1 | a0a3f1302d0b3b547b6f41b6f9f3b107a208c80e |
| SHA256 | 9697fefe8185831374cd8bcc7d0c41ec5cfe40d0ba8a48929cbf8d0fac1e6721 |
| SHA512 | 6bc07d62d8a03b29f9eeb5113fb30a42d176f215cfc111303a904a9fb4ec2c61d2ca61db4cb2cab80c54736a857b2113b217cfcdc1c5dab740c2a098f135a5e2 |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMDD2.dll
| MD5 | 6fefd079dd81cb94834423426653e19b |
| SHA1 | 3d34874275480f30f8332c3d02ced07dfc78fede |
| SHA256 | d8c3ca57a835272f29ada189c2c6425d513305d53042ccabed149dbccf828cf6 |
| SHA512 | 3f6fff313816cb89f603012faaf93b7b6d080af70d8f82d1155530958bb16297a84ef23dc0f056d357ec28044a4866e09153e6335a5a3fe6acae3e619e328b22 |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMCAPI.dll
| MD5 | b94fedd54cfe88c84112cc31805faa68 |
| SHA1 | d8467b384573ae86861ef8f6ea905fbd838ae2fd |
| SHA256 | cbfca3fe8d0cee14707ead3bb781cfcdb71af1378054d09cbe5bf6f3c9259cf4 |
| SHA512 | 9a08e44af9f8ff000253cb3c8e801286203a99610b76b76d254d9b7ea1868aff653d9f73475fad93d83e5a5096624a2e044505ba7ea779244cd4b00a7c367eb5 |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMDragAndDropSvc.dll
| MD5 | 371caf53098440e460fbd066ed7f7151 |
| SHA1 | 4378dbb065a7a396d21746207e25f58863ca246d |
| SHA256 | 1e734e64d47242eb7ba4a6d128527cf5c7b4d32ad8640b5801921d579b626911 |
| SHA512 | 01cb377c8d43647da58d089ae027d2f483606afd6686c4bd59e50a1b98bcd422ea833a3bc2cfdebc8f247c10ac3e4692f9ee887dc1fa2ea6de1596bc6077521e |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMDDU.dll
| MD5 | 8498781afeeae6dbe42441472a43f9e1 |
| SHA1 | a45d908054e6777915c97c2a64a00fc384e302d6 |
| SHA256 | 6d88fddd662a54924a979cdf1c3f072cbc3e2b12e3cf0a233009a78715435bf7 |
| SHA512 | 78bf1e68eb7109d71cd28776b59d2b3f38024615942298d411b98486ed60bd01be2dfa9dab4734d54c4559f6affb348c1ec6fa82fa446b376e92241575b21597 |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMDrv.cat
| MD5 | 4d215ca4b7e3cccedc021955f3d8e0dc |
| SHA1 | 34281419e17cec26a26a39d74408d80c3a7dce6e |
| SHA256 | 67635e38e615cc70f6f6754ecc2d7485914a73b80685e057590eb4f72c1b5441 |
| SHA512 | 13cdc1f631fad080f4539a65a59d050c7e42fad545f3c190bee5a2ea1b3526df0790f3c8f423b73ca5ab3e71ccb40c603174ce31aee77d24702c77dee8ca1865 |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMDrv.inf
| MD5 | 423a9e754c1d0067686b7dc1aeffa6b4 |
| SHA1 | a57450653e5d9c3126cebe754a1b7e4204044d06 |
| SHA256 | 586128bd5dc9f67aa56f6b91d133e295c2a2cf3d3eab52672db8bba7cadf3ac2 |
| SHA512 | b31f468dfb55de5894962610b09218f49ad4be1148ea8aca9e5e3b5ca4592f0a0ce25d92464e9059e8b52354d3c7befed3db3e57428937b898a8eb492485b580 |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMDrv.sys
| MD5 | 14e93c14b6d5d5d9db26275dfc987015 |
| SHA1 | 0585447d1400fcd57b86280453915799de24c7c3 |
| SHA256 | cfb29a2e7e938f7f2ec0443d5cf25261468e54c616eb74272c43924bb32e806e |
| SHA512 | 41da4d14075c3b47c4228cf1ad964b7a943b59c8e851bd2c264d88e37a7a3f525c9ad15683e5b0f512854eb1088c1d398fef8217a7c420d239c5de12c940639e |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMNetAdp.cat
| MD5 | 4c8e27b491df706887eedcf71be13759 |
| SHA1 | e5e11388cd871f54c8c5602deab7ef8392843064 |
| SHA256 | 8d106e9f8e78d6890161ab12be359ca0e357ce6ad46d9bdc5d80af3448eb94f7 |
| SHA512 | e4ed33bd3adc12e62718d93e5d8c8c4fcb61079ff64d50df77014b6730ea2aac15fbca2abb664e19b84bc9d6bde5025a8f71274b7dd7f3e2e66ef07dd5ecc76f |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMManage.exe
| MD5 | a9e4af672f217ef535e9592f5dc971eb |
| SHA1 | 27670fb386427d240f91c8503b4f970cc1e6d078 |
| SHA256 | 7d5b9212da761a3edc07a2ba5f1547f0662be06ae997465e8d5ccae28714e744 |
| SHA512 | 2b48c4c52ff47d2373b5f3cfd5056595c3b7c7516e66eb3a8c40a5f5b20446fde9dd0440ea814c2817135b1e45a47d08e62539841803f2d1f7e9fbc52961fcd2 |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMNetAdp.inf
| MD5 | 92a337482c3995c561139ea8bd7c405b |
| SHA1 | a164ab90cd6e1abedba0c54a96a450d94be4c93b |
| SHA256 | 898574b40ca3ab0ce278899e4e585d653eb5dc3a2ac7da57c904a0bf4b0cc014 |
| SHA512 | d46f8d7abdf445697303567845390b52a31f3c0e45e8aa357802e667bd4a0816555b3d841f19672adf69c2c31e3dd62e7e6d788d50d95172ac81f5781403a102 |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMNetLwf.sys
| MD5 | 6c000ac4c46fd78b6599f8e45cc0ce7f |
| SHA1 | c1d7e2809834e62326af0a46cf78f14eaac9dd2e |
| SHA256 | 05adb854983e9da8821eff5e50cca5a59ad0fa501966c269bd6e937f29d971da |
| SHA512 | 9d590138e97f72307fcf431a273f5af80409c9f2eb848b86b889cd1bab4f6a154719588b85093f244ca912d256584b65d7440dec900aab1160f5cd478435eb68 |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMSupLib.dll
| MD5 | b1d93f06d3ff479cdbba4e1c9a64f0e4 |
| SHA1 | 9fd00492ed595e62e78e80b569e1c39cab9de1d3 |
| SHA256 | da0b8f8bc0c91b26477ae12d922a1bd9a16d2e40df36407c50f525e2ceaccb41 |
| SHA512 | f5471fd9051c055bc936154475f53c5caf538136f48ad593fa23159b1df31c74956afddd6064d56610789b672d12b2eeb8cd11abb91fd02fb74f8504cc90251e |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMSVGA3D.dll
| MD5 | 3165c64b85d9d21a6ff2db42ff09f3ce |
| SHA1 | 16e35150c56d9bb9338563662e0185ae76930c18 |
| SHA256 | aaaf64798fbbe4cc7362cd3cb4d1aaa55400ae60f406799800415fb36c8367d2 |
| SHA512 | 1b29c47798f29062cab911a108e289a492d61dbcd019fbd42b7825ccf7720809d0b4f60e29a3bf60595e9b808154a6f61e4b7010174f770b7e208da86799146f |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMVMM.dll
| MD5 | 0d7e37cfc49b2a947b37ed18967fddc1 |
| SHA1 | 134a6b26de675f999a8fdd0f2ee757c8338b5358 |
| SHA256 | 55eee5d11d82a19e7f7cef79223cc5800535d45592b598954d4466f5c1367138 |
| SHA512 | 0025a9bc8225c2079faac635d29e7d3e5dbf8d45724765a9055f7c74a97b791e51cf5f3290d118b6667473ae02903a2f3830d14caf69e670741e68ddf9cb53de |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\mumuvmmvmmr0.cat
| MD5 | d554aec99709b5e977ac72b2e4cf31d8 |
| SHA1 | d12dc22ad13349970effd971c77f9d5a165ce2eb |
| SHA256 | 6f0ce3c8c3f125d56e6f6c19afc88d38c4679475c720afc1224ab29b8cfb451f |
| SHA512 | 4a441d764792e23d8749b2eec563a66d2a4fdb6c61e195fd76095aefde1b1806f7b5699080c0539df4081f0d15c53e8dd5eba76171abb9661b85a7004bb47038 |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMVMMR0.inf
| MD5 | 9ef94bd0428340d94cec3ed921cc2eb4 |
| SHA1 | dd94165626d95ab1d351298843f77e9ca0ce0801 |
| SHA256 | 023cf519b63b84224cb092be487568cac6a75e5da2acb394873dcd48d8747954 |
| SHA512 | 161b31d7870f06b6fd6648f3106e9582825ab81d2279794ea08eef4ec947740b7c4b8a7b4f21e74dff0e2a654cdfcc9f1f1b5727a8c1abb952e31de3b796bc0e |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\NetAdp6Uninstall.exe
| MD5 | 2cf6860fbdd36126ae62cd6b9a68e082 |
| SHA1 | 0d6de2281c2f83ea206d6a6259e46f980033b3cc |
| SHA256 | 0d2e390ba3aa9f706ae4d5cd5ddab06adc8da485df30098c4fbe5b9b03abce19 |
| SHA512 | f48dd46a257cf219a0d79ec49d5622763e7db714c87b0f3c659b8e0528b1bda7cb4192f763fa6edead72fee3cd8488c004f8dad33d0048d7873b7756ab0b046c |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMSharedFolders.dll
| MD5 | d617ae87e5ec1821e9cce9c55595e4f9 |
| SHA1 | f39cd6f1528ba80a08b6136a0423804b78ac3050 |
| SHA256 | 60728396bfa0e5843855d4cc265411ca5ca3359cba2a76eae57afcb7b5967ed1 |
| SHA512 | 5c950841bf205e520261253171d38ec97b2c9cef0bba73d58e6b905f1062d0efb5097fae963d6b5b7372cab865c7cdbdf89d6f5b354c50d4716c503ff8b2bc14 |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMSharedClipboard.dll
| MD5 | e9f78eeed4800371f7661e0cfd10a1d1 |
| SHA1 | 23fb352f858cfc5ddec37565285c1dc4f35aad32 |
| SHA256 | 5ab420b5b984105a5ada4bf8a5578dce6c3922bfcdfd1d5f15328ca31296e3e8 |
| SHA512 | 4ad7c3713a42341a881cb7037266af6b86072b886f4808e8745715c86317374b3f271cb8f36bc532af2646b7a6b0c9f25b11766c4b585e5a8a95b1f3b9add698 |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMRes.dll
| MD5 | 02efb4ef8c50a1d60c657dd19e870abc |
| SHA1 | 547069afe3dd59d709cefd8ddecc5bfd32798d7e |
| SHA256 | 5831c6fabdb5ff49e965c25184228c08c4c51ba3d5b6b7174ac051b752828687 |
| SHA512 | 26d35adeed6e81aadfd2e14d81feaf3100939ebeb8ac8983cfadeca1a9b3669e320292286fb07cf89808a027a1286c1bcdc5e8c0f23c8a2c301c3fd7d2fb2114 |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMProxyStubLegacy.dll
| MD5 | a24d7cffa168b8f4a742f80f4f4ddfa0 |
| SHA1 | 885f8f3160e9b6d5b9cc959a1be91ad78c9f6adb |
| SHA256 | 8147c429192980729beab4393b5486520cebc2dcb6b95274d55a196e95d12dc9 |
| SHA512 | 74350a8937c1c46295bfd7b5ef96902a65de3e2d3bfcd482ffc9ba57a2c82998eb1044df81430038278b753c4b2c47b9ba839031da94a4490769d83741877972 |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMSVC.exe
| MD5 | 672417b44224f7c1ef624de683755c71 |
| SHA1 | d83a5b6d903b7c24ee0a458caeb7c3db80e52fa5 |
| SHA256 | 66a38209fac0f41ad3d6781169faa77c2e384620221c74fa569af278f427eeae |
| SHA512 | 9b5cd5fa4fac913a3c333106b7fc375b2fb1041c3ebd78961ee92c164d415fb5e6479ee33e559a7c869a49d1ad75d4e32ae956d7e127c31d06eeaf56cd1d5d2a |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMRT.dll
| MD5 | 63e8381bf53c0416252d1a014a0d928b |
| SHA1 | c4db51db0436b544226398800d71273d03c9680a |
| SHA256 | c0ab581ffc2859b29588b70b841d2a008674ed673a0e1717a855b41738269f60 |
| SHA512 | 813852361f6d4841b9c9fe7df4bf03d57e227fcd73cdf3c1e9ecf72df3e3a2632e0f8f7fda1241836aaa91f72ea03c90cff1a95dffe944b6fc868e685e0a9c2c |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMProxyStub.dll
| MD5 | 7e75f6671b3cdfabf1e74dc6e0521bdf |
| SHA1 | da28f119b7707053abd8fe157edd9d7345ce4c63 |
| SHA256 | 08ccef96995cb4c22ce30c865515198366cb466bb2ef98fe6b36aab39c331170 |
| SHA512 | ff7f2121e381b710c276185e952957f922767e7e225e5a934997bee2c2dc3eab8ab4f8f275c090e9ab7f259879d64bc26b2fa5560d3ccbdf948d8de8e340d6f9 |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMNetLwf.inf
| MD5 | eeb987061c0c9fe0d0dc49532bc1d3d5 |
| SHA1 | ce2a9f432e29a78ddfdd20806cb5724d9e056c58 |
| SHA256 | bf673efdb64b7e81069eca5b0c50dfb7e6dbb3bb3295f5d034089cd16b528fef |
| SHA512 | 8703585843a33021f4bec2bf674702ca7f48a2fb6f8961539e256212c628660ac75edbf2fe9dae37f3d9267d1ab9451ba0e756307d6133f0875fa4f3898c0803 |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMNetLwf.cat
| MD5 | e1712d82f582f98c3a0e78e0d4651c2c |
| SHA1 | 6dd1fdf141151ec19916cbb52b6489589bc8d584 |
| SHA256 | 7ef2dd59e21ca4845a9e09fb64b827cbf6e438e13091fc48ec649ae5fa69fb52 |
| SHA512 | 0c780fc05b95dea9d1f542e842481f3d18d153a87121ad4cf026d001c8520251641005df7b93c8f17a512cee28cca95afa9ca0ebfa66808e11e19c2ea18c04c5 |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMNetFltNobj.dll
| MD5 | a3ef245f632306e11a5b64a2b97c9829 |
| SHA1 | d7dc4179114dfe5250c90267b67d82f2beaa9bf4 |
| SHA256 | a8de4f22825c5e406efbe4fdfdf63dcc967337848aa5d6a952abacac52bfaf4e |
| SHA512 | 2ebfa77be8475c8f0e60f5bdfa05e74c321e95537bd2e41ae4cafa2d5098bce8d68a3873897d8e26c8ff7758dc8fa11b87cbf2366a92ffad7d918d863af45a40 |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMNetFltM.inf
| MD5 | e87981c99ff763113ca116a3ad696027 |
| SHA1 | f8ad4145189c6afc08fbf5429a6da96aa1d34840 |
| SHA256 | 4364c725e14a761776b123c92cc492c0404393cfa7960ffa173a54961774cdce |
| SHA512 | 4566c22c9c759cc5acd69846fc910760b68faf5aa4573d3f01c328d2bcd24d3cf735215682737752c22e3ebe11e6ff5e49ef8504fc72b1523bf995ac223cd8f5 |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMNetFlt.sys
| MD5 | 0ac3c5231442f711d34748bc5d3144e3 |
| SHA1 | afcb04e915cbae553d82ae58d54c2531d144e395 |
| SHA256 | 2457a0c4a3176277e7db80e406f1ddd46c669e01f3f741c6cf3403da31e2ad07 |
| SHA512 | 7f94a88ceabd9ace0cd65cd49297b482f040ad31b5bbd34955b25f6aafce315cb6fac28fa0a1d61614d3eeae7cdf3bd63e4191d59f2d17267870294ad8a861fa |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMNetFlt.inf
| MD5 | e61b659c79361ee58dc58998e4cb6373 |
| SHA1 | d6e00c2002b23b7c4414319ebc435bbd404d3397 |
| SHA256 | 1a15705f3aa1cbbf47c1b7fac1ea8a3e00e17958e6ad6b674be2bd7389a0dfbe |
| SHA512 | 6d7eec93f8dd10184707c2d0c343eca5caf9f0467bd7efc2b1e1bacd2b36389ebe062e3b8f6d5bea479f7fd0b1f27458923c6866cf6e322dd928473b1c72f669 |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMNetFlt.cat
| MD5 | 91bab7bfdb03f17ef945f26ba626fd47 |
| SHA1 | 79d5b9f174562756ce4649148bf9ee4bd2829dad |
| SHA256 | 5fab6bfc10c7feb4ab015373ad1368a7b5e2391c3b971341481a995f72fc07cb |
| SHA512 | e53cecbb9670ea918e1946419c40ef2fa3ebea1e067e66fc244a701721bdad108a102d6d7978d9741afc144d4a4540e1142f865ac9932709fe49b3e31419701d |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMNetAdp6.sys
| MD5 | 4310bfff02dedf0d13d0b763300bdce2 |
| SHA1 | 50aa2fbd794eba7a6018141eee510c139408d83f |
| SHA256 | 5150461b359ab6bd3be49edd77cd8ff429fb02d4e704155d794989f9b485aae9 |
| SHA512 | b181b835006ead6ddffe577a1089cef3b3f56475644433285d7274c6fd9e2bb4d2dd9e3bbced63a4e7778213aebeba5499ecb4aaf4dfc1751d895b862f4fa2f4 |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMNetAdp6.inf
| MD5 | a8cf4a14790dcc315d764fa481adb5ea |
| SHA1 | 98d562c329fdbbcae881a4ea7148e6b15544d753 |
| SHA256 | 94bff036fd5caac9be2ce2b60695f5b881e06211d8fa3ac771a82974c6cbef79 |
| SHA512 | 05e08c8293f9faff2cb65aa0b5172324ae0adc1c73469fef4c42ad252ca4ce068f564bdfffaf134f1f72f6671ed4acf27d44d0dae17f354ef1c9e6c7373e37b6 |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMNetAdp6.cat
| MD5 | 5b06844dd324d3429d14220f8e03b100 |
| SHA1 | d3c29644571053595da3eb84543fb2965fde125a |
| SHA256 | 821841dbd1549bf444e8f5082da3feb75fee3f4feabf117b131058d252e5f68d |
| SHA512 | a73a271ad633da89ffd112a9db387e9705edf30e03b18123abbc82671ea471c072be8a9ba81d1e4a7fd853138f64e265f1f01264a25b24a7118d7758b11d8db8 |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMNetAdp.sys
| MD5 | e38eaf43e944f9c03104283f105f5363 |
| SHA1 | 166df8ae9d5e2d3039a5b9a96725c98e43c268c4 |
| SHA256 | e7c6793ec48fd075d74eed04933cd256720e4bc4609baa12eb201ef6c89b8108 |
| SHA512 | 39170fa2c6649106202a45f4dba9800efe0c9e93035df7a59ded989f746cd2d1de971069ef6aae60d34dfbcc7c33b14756a619b430c0289c54439970cc454e7f |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMInstallHelper.dll
| MD5 | f4bbc0ff246a38ec930a455f995bd6f0 |
| SHA1 | 4f44a3b8002245a8648784fc28a6ec54a0c20679 |
| SHA256 | 1256e679cf2883bb44b4d4f6bfcc44cb332f3a802c396e787e2fbebe67a39dc1 |
| SHA512 | 2bddea41502aaf6731e3e3c599190001fbb23604b952bd26dd67b9be7d5a3b17bbe85d1fdda42d78b103394f27c13710f7d49e3272606b2cda267fd31014635c |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMHostChannel.dll
| MD5 | a847a9e20ed786d5b5838adbd8d6cae8 |
| SHA1 | beff339b2df315764c14c1794b217dee62d669a3 |
| SHA256 | d7f250cd9f5066b37d48562d92a8315fb5e0b6512d205cedc1297772af0c86b4 |
| SHA512 | 1446db9d00bd26f733b5fc0992343b4bcab8b7122bd3d36d1ea75835ea05eeee7c916c8a408150be8f52a60fdc33f882471dc408f05d3e2f43ca14234c047be8 |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMHeadless.exe
| MD5 | c1ed3cbf64043c49052768c658f081eb |
| SHA1 | c809a1b955aaa13059f7a3c7a9ea70870c9cc217 |
| SHA256 | adc96ee91e917a7f5718a6a918327b3d081e289d097940c18da79d94036dbded |
| SHA512 | 947ed6e70046d99063788c56ab9b71ae6e144ba1929ec1910d02393acb132c5c4cd11304b4dfaace131f832770a06260d02c47b4aaba11e4666af30bf4ebfae3 |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMGuestPropSvc.dll
| MD5 | 1a8e7698d6a8fe8bb8fbdc1bc03e5026 |
| SHA1 | 43c16440a05bdba0bbeaa3dcf9c9e31563c75ef1 |
| SHA256 | c02694a3fe45084e7ef3749795b5fc3ed6f8515397ae78fc1a2ca5355457fce2 |
| SHA512 | 7b46b522880dd5a60a7e41ecfbaf0a36c7e91ca8699147e151ab2d0b0c663f7598266e6bf8a6c35276ad61d2314419f214d13afc496f3b20cb21e0338306f547 |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMGuestControlSvc.dll
| MD5 | d0fe3592f2ca04d63045927a4befc420 |
| SHA1 | c831f6dbd84e13170a13a0c8506eca32f1bfd70a |
| SHA256 | 42812bbac82102947c8f09911ed612408b0d8d851339da493de021f15c488c58 |
| SHA512 | 902b34937406d287b4453b78cdd4a2d4f92ff8cf526c03a58e7928d5e26afc5f1907f1d021168aa2f476db941b03dc18de36773d0939da910e922c8423c4e13f |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMDTrace.exe
| MD5 | fbc3c4166043d110d30d388edf4b798d |
| SHA1 | a330be676147deea2c8f96131ccf881880064b6d |
| SHA256 | 791c8d5f7c1e2db1d380ac284b784714e29037a245033058d15b285ab87504bd |
| SHA512 | 21f04df9d9ac65faac9d8f3a523ca20ecc4e5bb89e27e7db66501654e1b8d5e66119db0080077959ae41287541ef3764177c902e071a6a21325fd87d207e881d |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMDDR0.r0
| MD5 | 106dae22290adf78a229d6d3ced17d92 |
| SHA1 | 816485b26e9624174fa4cecebdcbd0a46d38f8e6 |
| SHA256 | d6d4b05170c02ce95c536ae1a2cdd7d3b7a5b54aa14a2a4c4aeed599f92dbb32 |
| SHA512 | a2c870bbb13a1bc9c133e3613d84d108d8a5b940bf416f7c82398125f5661102e8a9f41c9e3aa7b4ac11d7bb9beca2d3c101139b962bb5d77a502f2bc9f16957 |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMC.dll
| MD5 | 3aec0d63173a168c3867dc4b7702fc63 |
| SHA1 | 0393c5621e5f6f4e7e148d2dc97f7edd6dc78e5f |
| SHA256 | 5736d65e53f1663c72eae70f9446e2aad37493dd59007a105733afe34238f202 |
| SHA512 | 9e7cdd8d07e60962ebf3138225cc7be9fdfaaa333928bd3faf64ec2804ec730dc4935a2ceb9a213ba2055b5e177987727444f733420e9a629e3478fe65f9d769 |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMBalloonCtrl.exe
| MD5 | 8a7994be6ea941296b492252de59cc74 |
| SHA1 | c5f3ef41482961a89f5649fa3a229fd334f2d268 |
| SHA256 | 865e6e5f38e3bcefd5d06c4591208f2d555af5294829a4cfff55299ca230dcbd |
| SHA512 | 9d20c3dc2582ed252dac46e323c31e019fa8d1e7b8c777596b0e512b57edf5c755112adad2d0e0db0ba8e733a07bc6b895ee024293b1045bb359fc0b0c70ddaf |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMAuthSimple.dll
| MD5 | 271baf8cbf8282a9310a5026c2f42d03 |
| SHA1 | cafccdd75c95d06c9d4849b7009351a9459ec7a7 |
| SHA256 | 4e61790ff8ea8279a003c0427d86248dc74643ceef14dd0bc6543ed008b960aa |
| SHA512 | 9a9469920d86b75f1a95817e8c3bab4bd4d17d3240b5837d7777859a947c5a0e4a3987f1b0c91c4366ca970acdbe81288b9e2cc170202a972b8394d6c7667bd7 |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMAuth.dll
| MD5 | 419874bf64461f173a2dcde30a9d068a |
| SHA1 | 0cedd525d703e5cd680570d79476ae5600cae796 |
| SHA256 | fc8b92180b01e3c0579a8ade48fe5c98aed818de0f93de16565905fe90b3d092 |
| SHA512 | b5389d13e36424b6d205334bff0c82de657463258aa8cced5cb5b6dcbac6b16c81339c8254fbed77d1f49896c8ae76ed05a05b6afe224abc34dd99cf744ce882 |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\msvcr100.dll
| MD5 | df3ca8d16bded6a54977b30e66864d33 |
| SHA1 | b7b9349b33230c5b80886f5c1f0a42848661c883 |
| SHA256 | 1d1a1ae540ba132f998d60d3622f0297b6e86ae399332c3b47462d7c0f560a36 |
| SHA512 | 951b2f67c2f2ef1cfcd4b43bd3ee0e486cdba7d04b4ea7259df0e4b3112e360aefb8dcd058becccacd99aca7f56d4f9bd211075bd16b28c2661d562e50b423f0 |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\msvcp100.dll
| MD5 | 4f096d96285e06cd51aef7d2d3de04da |
| SHA1 | c90ef0eb5b1a0b1b85ad6792291747fb6307dcdb |
| SHA256 | 5bb420fbe28315f2117376052bb8488ce84a3398dda65005b8ae1f792017e9a8 |
| SHA512 | 80f558c50a71ad9c4930b3838b481e4fb453c38d57c91f7f70c1f86e4043b9a4fbcec27d7c025285504cbf3bde7c50b4770f18121d7818ac58e2ee9c2071f97c |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\loadall.cmd
| MD5 | 571b20f2505a377eea3b6a2bcb2a31f9 |
| SHA1 | 6240b4fb57d2844fc7a5bade5096f096617a86b7 |
| SHA256 | 13f7090c7200549b7853e929931ccff1ba29e3497286d37866c14232f1048c8d |
| SHA512 | 930b966ce36d21014bfce9e117af38718ad0a0ea1b49bc1fedc6136ff71b043107cb07d8a879e3588dd64f45c2181fa7db6261363d80f5bb31144fda673d34d2 |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\load.cmd
| MD5 | cc59f91feffd99c115c0a903cff28168 |
| SHA1 | e83df545f5d390d0b7210f7aac0d4ef37e00f0f2 |
| SHA256 | 25bd2bd5472fb2097f2e79e66ffc3bb6aa3d2f974bf9b43d08045f09928a2efc |
| SHA512 | 46369b7866fd4215620806a7c12938865bf7416447ccd3fc15cfc6f3905bc4ac07a162b015586183e3c35ff17b607ba963f6ade3de81f15401e2d6d3418756d8 |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\libAccelerator.dll
| MD5 | 8041ed0f7b41a89d6aa0fae432ba9316 |
| SHA1 | 4c30b8a9647cd06a7c3c6d883e1dd9ccbd7f716d |
| SHA256 | 5a5f25c1d17557c9cd8740967f2c8de8b23d1caff2011043cf61e4b59cabb9ee |
| SHA512 | 3b3295605cd2d043ea6ebb0e0489f2225d85e2915a1f15e1f8b5424fd7140828f3e342a65c42aa5ca243ba3f10e1e27ecb5e16865484e407fcfce9aa8b96485f |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\vbox-img.exe
| MD5 | 258a8fdbfd2097c1eaf174544c40b193 |
| SHA1 | 80c0565244c49b9c2ac69e72e72e2bb23e625fb8 |
| SHA256 | 730ce3b17a58e26bdccafc9a929738e2f204bdc57281918d62cd9845531391a0 |
| SHA512 | c7e98caf9e0b5db6364a20bf6b518172524e4edaaaf3041ed00399cf57ac4474d95c0094596bc8b0447d88cc27c6c4d1995f2dc034535717fd86d755a0bf1f24 |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\vaddress\0.0.94.0\VAddressDevice.dll
| MD5 | d1b49099704f416236c17d028c2a601c |
| SHA1 | b7b04f381dab7838e7d42d5716652debe287ade7 |
| SHA256 | 1baa6c717e0b402a75872210e878749d021e6b354d21cb94e59012d2f19a9b32 |
| SHA512 | c98a3b8e4294240f556603bfb79fc06a92a436629c84284b7beed0999296469e4315ddab04ea0e76cca22a40641272dd53a88d5d0f2570aedd11c0dbb589dae6 |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\vaddress\0.0.92.0\VAddressDevice.dll
| MD5 | c452f408b06cf88692c03ba5c534bd76 |
| SHA1 | 8b3c315e115ba8ffbeecc7878a3034cefe65b5a3 |
| SHA256 | bc2f9fa16c1899e8d92a5d3a3f7dfbdbb9a1fc124e252259f2d86f207c2b09d4 |
| SHA512 | 3ba6e6ffe15a3db3c9a5531a6572de75e428f0608a8b8abbea8e1c3e84bd6a278524b818e9b2351d2cf10094d881696e8051272ad0bd741c893efe31b62f6ae2 |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\vaddress\0.0.86.0\VAddressDevice.dll
| MD5 | e618cb77d4bb5f61a88fdb91303a2c1e |
| SHA1 | df3f87309db42eb084b46ac963e1c7d69eba8a78 |
| SHA256 | 55fd58e38c0a9e2f60b5c03750d45ecf0b1b7b873b84a531c224e4bcaa4bd064 |
| SHA512 | 5acd329ead414008cc670303f404ddfa68abb67dc6f4211d932bd74f7ccbf36e138caaef1ea35b783be5eb11d2efe2c33fb0088aff8036c3fa738db9f5c62020 |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\vaddress\0.0.69.0\VAddressDevice.dll
| MD5 | 5396238bbc8c218e819f6715b20e6031 |
| SHA1 | 55ab28093742e28424688799729bc46d60a95a4c |
| SHA256 | 33236aa3dcaa4714e0e663799a3fac83593c8afb6e164c1c1c2fa3176a95b15f |
| SHA512 | 54df0b2dc50a26c1597932e2362c7c3c92afe83c262a8fea7221c15a3f77caa55897d34c675370eb9b7b955cf2398d26c1bfec4d3e0484b0606b57a4cf0f9c1b |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\vaddress\0.0.63.0\VAddressDevice.dll
| MD5 | 8c7fa231e13b7b380f8d2b456bfbedb8 |
| SHA1 | 66e153f427c44c90ef1e59e92723e95a99f75e8b |
| SHA256 | 310e5d67c32429145f05e82848fec26176fd1c50d01418a784669c32eb0288c5 |
| SHA512 | a62156e2f6db5b5efcaaa17d30233c167bf6b062d6410636d99e56fd0361d936ff3fcb8b80726165dda7bac0f7eb3b178dd604614a380addd1ba7be508e2e4dd |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\tools\vcruntime140_1.dll
| MD5 | 3b22b2ec303b0721827dd768c87df6ed |
| SHA1 | 86f8af095cf7368ccbff2d0fd6d33586145acd2b |
| SHA256 | 3b792da47040c3b3e0804cdc5153eef4e802b6975963029d8dc360cb824a7b62 |
| SHA512 | 79db774980ee132797f7e7dbc0e055b724d8fbf0e4917523b285f918730adfff81022cc6f5e15469b011d55501fd7b085bc070e9ecdfb75c05f4d6622a7f2475 |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\tools\vcruntime140.dll
| MD5 | 0c583614eb8ffb4c8c2d9e9880220f1d |
| SHA1 | 0b7fca03a971a0d3b0776698b51f62bca5043e4d |
| SHA256 | 6cadb4fef773c23b511acc8b715a084815c6e41dd8c694bc70090a97b3b03fb9 |
| SHA512 | 79bbf50e38e358e492f24fe0923824d02f4b831336dae9572540af1ae7df162457d08de13e720f180309d537667bc1b108bdd782af84356562cca44d3e9e3b64 |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\tools\ucrtbase.dll
| MD5 | aeea6662f0f7819a077b99441c36178c |
| SHA1 | c3a2ec7fd791235b8b1f2371e94f25a1670f7d00 |
| SHA256 | cd48756e96740f84a2aacd6c308997a4a36a953cd77f50cb54c27915a5c5c302 |
| SHA512 | b4b3c42e716fffe98f1c65bd2b0f522725ab8b43a7739c0a925b850fc0601e77cdc1e2071813229477d129caa73813ef6eb5c4c806d1c48c90332c429365d639 |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\tools\my_upload_md5.exe
| MD5 | ece6882c94aaeab536fc8a168d744e04 |
| SHA1 | 9ac8a75b32c9f846231994ef43b2bc8e7bad44d9 |
| SHA256 | ab96dd5cc65c4bb1b827561496af5712722441cfd9fb3418847e274e7c114798 |
| SHA512 | b6b1a8bb1e3877e2280e9ef6164626da2b580e1e9471294898a1bf27e231560fd3540ce8821759a0dcc7b6680eca81500152d666492c1ff7fc9cdc8bd33080ae |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\SUPUninstall.exe
| MD5 | 5406b2c9bf3b15691375fb30d1c333cf |
| SHA1 | c4968cd87617fb577c6f136be47b53e9dfd7d324 |
| SHA256 | c7eccba4a31e43d4b20a360c7858ed7eb12a6252202487b141422b25eb268fde |
| SHA512 | a37cc0750b2a1094b16fbf118a6dcc8745f6b0390c8286540868a77e98eeb17181f67a57c96767e89520d118381d50429f05b082bf509a9b763c7d16de0b5a66 |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\SUPInstall.exe
| MD5 | e33988294e3bf2912a26b9f9192e7580 |
| SHA1 | 66ffa50a155fc6cedc1774b8720ee603045a38a3 |
| SHA256 | f6786abfcafc774f6c70dc85ff702c7779cc08c5e7bcc088bebf71b4ef46d58f |
| SHA512 | f3554a30480a2dc8981e86cb6bc32d64311a879d2e9cb922144e7c9dd471138673cfd1348d1d3295b48238cc5931c785cc02b6a4bab1e13b6e15719375e522de |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\NetLwfUninstall.exe
| MD5 | c1daa5ef4cbcdf5d4433a3b0e9825c6c |
| SHA1 | 2c5abc45abc8a58ab66528d666c2be2e7d22f294 |
| SHA256 | ec2c0a9e11a9072985132004c9962bc528269d7a92bd11d105b529e1d6e03e8b |
| SHA512 | ffc650aeb4c57e0e32020cfacc1845813d147cdc5c5fb76fc66fd7f7debffada389ea949f31e70a64d94c4d4d97d9ca2abf45345470bc6c9611a41d746e7f3b3 |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\NetLwfInstall.exe
| MD5 | 0642ecf0ed6dca6938ebed269a3094c4 |
| SHA1 | ccd17c3e6e0eda4a701c5a8f25df50c948fc16e0 |
| SHA256 | d37b9ee12110b1fe757990b8f9fc7e4fe9350c4d26e52671de6c55203f629fff |
| SHA512 | 6e975d77e8766e686861cc6fc9fab195ecb172d4d4ded1ae02b962a285a8a5e9ed4abf46b04777582b2f6224f362db2c035329c78a9579c4f36fd8593afa0a6f |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\NetFltUninstall.exe
| MD5 | d7f6a5f24ca0d92d26075a002875832a |
| SHA1 | 64a27dbbfe27f4867ff8c0fa2f0aa5a3f1968b2b |
| SHA256 | d4f5d26bafa4c3e3c466fc9395be81eff8670cf00a01bacd3f5bd8c22eb460c6 |
| SHA512 | f0566e17920021feb18758302be8c3dcd3a02dd2f5f6402888b84daf6f86a668f8d692c8b448ddc275f92961a1abba7383591e2f77ef713447e498b9d7eed0ac |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\NetFltInstall.exe
| MD5 | da3e3159116e69f1f542892bd1e2ac3e |
| SHA1 | e48bbf9de386f2d067a29edec9332ef000e683e8 |
| SHA256 | 7a035ad151ef512f54cb4bf8c9bc8fb28e4ba09dc6035887a118aacf4fa50e6f |
| SHA512 | 4c514ca647283c1d2ffb5b28ef30c0cb701655a8edd3b9b5866aa7fd2a4e0e30012010794b451cfa8d2a00d7c1e0119cc627df93ec557fb0020d43ed0e4f1614 |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\NetAdpUninstall.exe
| MD5 | 281bd3e5c84d35301ec837b59c503e5e |
| SHA1 | 4fd001158a33b77f15001549db38e4398de9336e |
| SHA256 | 10f55e5725a7044e9120403db8284eac76c05f485a6cbb5dbde10d2a616b88de |
| SHA512 | 47d02e1ef91d4bbd1d67ce1ee68d61efb29364b9b9066963cfecc423652e7fbdf06e475572f0f46f367e0c23ae0d01fe2dcaf907e84a822822842d3440846ca5 |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\NetAdpInstall.exe
| MD5 | 0c7331875db82690b86948c1fb8eac1d |
| SHA1 | fb2e8cd541c721ef656013b2ae122f440902043e |
| SHA256 | 2eb76a57e7546b60b800c38cc340e84210317e16fb2c7329d09bc23deef90885 |
| SHA512 | 0b27c225c9139351c5dcaeac07e7ae0982bfe340ac6f7efe455807ee242107a7ecd3f2c86a9fe9426ab41913721b3c227d2a226c99ea48792fc887444e733bc2 |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\NetAdp6Install.exe
| MD5 | 23fcfa8100447716302f10678ec252e6 |
| SHA1 | 910024cb56024a6c79465f82f55080e906210228 |
| SHA256 | e50bef29a5761e459f7a121aca4bd0c953005f501de7cddc35d681434bd2a13e |
| SHA512 | 8fe1a51c56fb349bad342c3cb353912b83327f5c51ca4545a1263b4b2af2228f127334837f095ed703cf0e46b5c72fef37ba35a9f2b862c0fd12defee8f36604 |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMVMMR0.r0
| MD5 | 3fba4bc28fcf269cae647d13a3b4cbe3 |
| SHA1 | 47eb1f7dfbbee99200ac47bc9d5cce17fdd78e62 |
| SHA256 | d33aa386475bd529f8c3c9edf9449e9b51b71d8a84515390e405bb246bd57807 |
| SHA512 | 5ac2042ae175938754ec9918014ea546bd70cea8ee2b9670360b9e4043982bfb103d3fcc6d5c811076fa52205532d5b00e3e6e8923144e4bfb37bb852e8bd041 |
C:\Users\Admin\AppData\Local\Temp\nso49CD.tmp\ExecDos.dll
| MD5 | e2716246ee731417abee9ea26cec1d56 |
| SHA1 | 6687e5d8b0b705fcdd9a4020215891d5b7723084 |
| SHA256 | 691ffd34264d1813827c35083367a08aec974e9f79fb585b7d2d367c83760fbd |
| SHA512 | 355bb040570a1ba64a03463a9e6695015c2ffda5f30b7ce801c39ab1a7ba36134bb8fa9b5a1ffd102f6d71091b77133f8d68d305d5c1949ccad2e8eab0258505 |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\win7\MuMuVMMVMMR0.r0
| MD5 | a5c0e348e7cc0e4cc570aacf9ffcaf29 |
| SHA1 | 446506fde338687fcc91b176361b51b0a8133045 |
| SHA256 | 3ae59d3eacd1f837d3163817731820b93139846021aa8aa7220060d174d6cecd |
| SHA512 | 966f4100f17bb3a89f650c30f979f15023105f1db2f840a03b31bf53ba5188ff5994baf110e489060b858296b49d620551111695127da8d0ff34360a58c65822 |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\win7\MuMuVMMVMMR0.inf
| MD5 | 3a31f44dff80797d944dc1c76abc306c |
| SHA1 | 02a336a7614ec019a65a90c971c648c34c814e66 |
| SHA256 | f39e3b98a17d4d946879284466a27ec946a07bf869f59ffecbb38451d81337d1 |
| SHA512 | 1e3382d8bb6f99d96ac9272d9aaac5012fcb31e83a072d22cb4b8965c8c636ccefd31f61e51ac6b8fa79b7fd70038fc259dd45d22b9bbb267f8f17c9b66472cc |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\win7\mumuvmmvmmr0.cat
| MD5 | 2e23d6718ce96dbfc1be7382fead6ced |
| SHA1 | 09b89d917222114b82ac1c3476ee31e01c33842d |
| SHA256 | 0885d7ea48192a21d5f37597315c961f6f6a569a4c79080c3229e3c443239efa |
| SHA512 | 54f8737e7d3139b654860ae0aed9ec28d5c2049b1e76bff244f8524196c4516023a7cf69b03e4151106eba7145f7c8ad5ae5c2cd62d96cf959e97071aa1b85d9 |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\win7\MuMuVMMNetLwf.sys
| MD5 | a8071a473dcf9147820fa684fe725ac9 |
| SHA1 | 33bffd62c5555692d3d314ba211b40414f5f580a |
| SHA256 | f377895a45410c5585c27ffb7a44b68b1002985f0c03f562b4b21ff6399f8eca |
| SHA512 | 436af1b9bef2cadfd1ece3215cae1662217f4f2e5a299f4773db6748c6e26a78c3957a2e314c4faa22b930b08b811210b25e176f3a985ec0d9322d66077d4250 |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\win7\MuMuVMMNetLwf.inf
| MD5 | d284b3ebd57e803451aee5aa7d07d496 |
| SHA1 | 4cf6e3f2984fadbd2fe71c6a0d403b2e5c2cc759 |
| SHA256 | f2eb223b9f3eb6383bbbfea0b195f3672e8492041d8bfe89505f2f3cc7d462bc |
| SHA512 | c11de75732b67fa2bbb695e60c0c7f75a52cabad86c58d72a05b4f6fca56bb886bf9451f6ef5abcb91c3e65f195176c45eff15846ccc60e7f782fe725685b5ee |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\win7\mumuvmmnetlwf.cat
| MD5 | 6744dc4f16200c37a96cc3a0e5556285 |
| SHA1 | e338196e4af4d5a19b42a2a03cb98447625673d2 |
| SHA256 | 5aa222dfd3ab9f7316c1c39441946973ab801c00763375a90cf7532b592c4086 |
| SHA512 | ba89277be0f910184f0a72a1b0f1d7aae2e540775e86d48f42ab9074e58b7ff6c3b2cf4c717d3d1923f7ff10886a76bf926ebd6189872c6c3fca799fb74b0213 |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\win7\MuMuVMMNetAdp6.sys
| MD5 | 565d6d7e77d6fd5be5ef21fa8188a652 |
| SHA1 | 02bbb60161ac4da75ced5257633b52462baeb908 |
| SHA256 | 8517e15ed543bc12a940b03ac5da50c63af1173813640bb1569ec62e45073584 |
| SHA512 | 7f4763249278e8c89559d0b32646ced82107b440a9819cf9ba967a0cc749114f02f45ce393ab89a07bdc89d6febe047304d5d2e85fa8ebf48cacde814e3dd2f1 |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\win7\MuMuVMMNetAdp6.inf
| MD5 | 127d117df95f3a294b254f65ca929340 |
| SHA1 | 49f365425911dcfb17ce8f08aa156a66878f0e4b |
| SHA256 | 6421fe11bfd94be2a659b4a39483dd71d0c983de9d26caeb22ce92d0d224f39f |
| SHA512 | 13e9ee1496af276ae37e8dc236a48109e06b0b044fe05d88415939d3a1db0076a0c95cd7c88e715ac4df01603dd3808a6bf21ccf1ab19895b782b2f91f32f08f |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\win7\mumuvmmnetadp6.cat
| MD5 | cab436e5abe7f446f8848dea729679e1 |
| SHA1 | 6c6175df099341fdd9a67cce631e2fe55fb1dc2c |
| SHA256 | ff9525380df941cb1bd07fd72f27882db4b96699d9b785e4c3078b3cbd6ae618 |
| SHA512 | 15b3c72e20e3c1dd1f184e6bd6b8541efc798e7d57878bcab44bcd46f8d30593faf83596d5d1e0862558cfd316d5f1967be912056efd0582521548e9c963a9bb |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\win7\MuMuVMMDrv.sys
| MD5 | 55879de9dca1782537ae1064b2760007 |
| SHA1 | f5ad275c3ed5bd8baa829edfe008b626e49f42b4 |
| SHA256 | a9bb3be7ce97d0f4ecb78788ffbff7379ab0f7548715049b59a587ded1e8dfb7 |
| SHA512 | d8efac11593638fb2baadc7d173113601d3da3aa30efa0af3d295e8f814642bfe81cee7bbece2426ccccda48ecf1969f9de04fb54b44f185ff2f9f740178eb98 |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\win7\MuMuVMMDrv.inf
| MD5 | 2741226667bdcd9e759f536756f56eda |
| SHA1 | cf437c8a63ce26b0e2a573409c976fa1f7c629c1 |
| SHA256 | 82606488633ca10859a8a80d00be705a08509b35a9c02aef8b3dc70335bdaa93 |
| SHA512 | 774699f466a423eb24c1d3b5ed45f49e2eac8f931fc7ca825d14a10a19402e3fd95ebdb5c7c2cfee6a4aa6219ffc157c09a222512fb7b3cef888756c1c12c810 |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\win7\mumuvmmdrv.cat
| MD5 | 838ca6cdba04a33267a12f9af842154c |
| SHA1 | a85f476eec0f129676a5552e8984fe9ace437118 |
| SHA256 | f10c1616e67f2f9d4ccc15e59ee3df8e6413129f6905db6aa84d9ffe7e7fe662 |
| SHA512 | 3c522db4d5e835d8fd342ce65f0ec876b3e20dff1c9fd7044b04cf1a0f7fa9c7b8766bbbc8ca71a25c64a7e3ffdbc8a04c7b110494ec440806961439b5b9ae34 |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\win7\MuMuVMMDDR0.r0
| MD5 | f4ed8c30dd14afd80baf61af4f8aef5c |
| SHA1 | e3d6f1480131e932c1473c6b1d4bec6ec6c2aaf1 |
| SHA256 | c65929b0e12123e079114fc67e6052e03de5934fb65429d637b6242fb021c5b3 |
| SHA512 | 922862e372048f29d4eb39c0a2e5fc921e6643e454825f476cfb98780b3d02181b91a9b6f5590d5f4206d7de391aeb6e5e3b72a8a9ca321b77bfc10d9040a3e8 |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\VBoxEFI32.fd
| MD5 | 26b623e43df7cae3bd321164407c3e35 |
| SHA1 | 64ec6d9498e488d85a9161dda25ddcad7fe61e9d |
| SHA256 | 0ebd5e6f19f87499719bfdd5827444667eba1a43b35a584052886bca72ef99dc |
| SHA512 | c8e586c0bb46ba3fad49e57da85d0228f716094e31e216b82d3ef94a438f3254227466c0beb2903e51ff5c3a3cbbc9551f0f7097e2b1d2845f34988d76fac16d |
C:\Users\Admin\AppData\Local\Temp\nemux\MuMuPlayerGlobal-12.0\nemux-scQueryMuMuVMMDrvBeforeScStart.log
| MD5 | 0649d4c069fb3136de50d9ebe44b7cac |
| SHA1 | a58bf5d93120eb91eab5ad7af282c99c0e36c4ba |
| SHA256 | aba93de5e732f49ecdd398b49f44752478a6ba279222bfce8b622a37124fbcf5 |
| SHA512 | 829daae9029c6741c06374f2b7f642e88d3f5707d7eb9ef45692a16d1a05f8d6f66305ddf51a222a8748157317f76c5115cbf1bcce0cbbb4b0c4e56a50813854 |
C:\Users\Admin\AppData\Local\Temp\nemux\MuMuPlayerGlobal-12.0\nemux-HypervisorDriverUninstall.log
| MD5 | abdafce361b743ce2b265c8fa2b9c1ae |
| SHA1 | dad27f32a35288ec4dd75115e2b73932968c0241 |
| SHA256 | 54aa3c35d1230b46f7b3db82936b288312f7b1ce654a77252d170c5f38aa9124 |
| SHA512 | fcb6f7c029dd38cee4d83af4af4a0942c94af053c2e69f32566ab214febb413509876c79cf0450d7a0f81b167994aa15f2d861c3d55ebcafdabef2fb9315a939 |
C:\Users\Admin\AppData\Local\Temp\nemux\MuMuPlayerGlobal-12.0\nemux-scQueryMuMuVMMDrvBeginUninstall.log
| MD5 | 6bbcfd360c0797e6650f0d3cb1c36109 |
| SHA1 | e22b5f6a4654134d687a3908464e67faa23d84ff |
| SHA256 | df023ca139e8dcb21f0d4a603b34af95f980c1e388c97e4735dd698d0329113c |
| SHA512 | 0281c1cc1b104c73f130068a905e37b75f3c3a40884d3e2cc421aeaf6a3c6b938393894fe750fa7de44b9d0a25f9b3c11bb386fd133b3d710a549632ed9ea604 |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\Controls.2\designer\SwitchSpecifics.qml
| MD5 | e6dd3db4f8a582e30f07b77e801428f0 |
| SHA1 | d207e34278440fc9b47c6480a47fef13870ffff6 |
| SHA256 | a3fff66cd7217029792e7fce403cc658b0ea03b2d3a2860f57479c8ea6bc1372 |
| SHA512 | f58e27d7f36e05cb1d6277629ee2e3cc239b2ba73a75d1399a048191e4443dbb1360922b2cc0d36c3a19b04fcdb64f5dbbd0a838736dca658b9caf856031c5ea |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\Controls.2\designer\RadioDelegateSpecifics.qml
| MD5 | 5435f060331a523b9e5db9c9957756aa |
| SHA1 | e0f07b59a0ac83b7cea1716cdae4a59aeafa396b |
| SHA256 | 91d7772e4a193e91a093d59451508cdb89448eaffb4febda26789777afbacf3d |
| SHA512 | 536e731672c1348222490d39099712c7bbcbf8d0c6be5d0f3517c10feb1b47d7942c18703e18c28f36774546a41f18d61fa8096e022a82947d43b11a2641d187 |
C:\Users\Admin\AppData\Local\Temp\nemux-downloader-ecfac945-b5eb-49e6-8489-c74d258f7683.log
| MD5 | 89b732ec40a417462758c80c76d40439 |
| SHA1 | 2317e9aa35919df716e2072060c76c7f04b8d030 |
| SHA256 | a2508f33cc98f159d7ae316c036cf9c1c15fb763cd7564199ae4492f92975e9e |
| SHA512 | 1238c65094e478d2add9bb4fa045c904f1f8dd248eba942853371fdb057b8fd6e0d4faa5fde7e211e99f7d6fee5e1f5bf96e1fe33518cffb629c46c5d432d97c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 0159e9ae8aaf5fa432f143d2be257906 |
| SHA1 | dd3cd58ead517385767845e5a0f914db7cb883b0 |
| SHA256 | 8c8ad3358a2de502986cd8f5f95b6e889ea6eb65ec3dfed6bdce9fb7d8b405ea |
| SHA512 | 04ab6a4b02a151cd04de231ad8e34323c20e13db6fdbfc9f209882e0af7dc32732805fff8a2f48ed60ddb86dfd49b13e7f98f28f946067ede22b793abbaade71 |
memory/3608-4372-0x0000000000620000-0x0000000000BD5000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 8fbe97b348a6e0ebc7a9467baf4e5d3c |
| SHA1 | 286f3990ad67e651317aede1f3cf903b859baf3a |
| SHA256 | be5eef8dca1016d09d33f70cc1955f6e12a6f290099fd9099aa3cad286c7760f |
| SHA512 | e2af0c5b8eee85d0dfa3e9780ae371199fb58c304421b226361fc8435aa38c2974d0c4a7ff067c607db8affcf5461c49fbb7f56c9cb534d15e3782763409a0a6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 2ce3d7420f978f00d86bc957b0c6d758 |
| SHA1 | 54a377c91666c45de04e5910efac72d288784850 |
| SHA256 | cdeb54f31f99769e87949c9354eeb78d5f791c326dd5b93a204a1c14af68f284 |
| SHA512 | c6cd11d158388f5f3e38fe434494f31c47547f4acd996a74ccc7600f7cb17da2b8f4120db6bcf6269bcdfe7804032a38900ba09b95393b97b222a405b45517bc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 0147de8d7b87eeb768b5f88f7bc18c29 |
| SHA1 | bc96afb9b99fb439dc1531dcf5a89200541beed2 |
| SHA256 | 8e322d4da245172bd7a57d5677156fad9dfbaaa7aaba3dc7b623ca898f832ed1 |
| SHA512 | fff196b325980a7d9442656672f5f73c99339ed29674fbb4cab544f992d0ff8725a62ae3700c30721a2b86ca3013e54966644cf13a45034c97cbc8edb41e4fd1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 4eff4dd76c8ca349a34ea8f130bfc102 |
| SHA1 | 8b0f7b86a5cff9e9219384a318946d648714d2c8 |
| SHA256 | 73e35a8eda8748727f55e39db8bf564f5f4687bc3ff0e71e92705b94f1e2a974 |
| SHA512 | 3357e66d2add115a7d086371f75e17810da65eadf44b77c90b53a071444772fa9e230d055dfcc3ab58200259d25bdd3aa382b58cdb735563974ec622699fbe1d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 787a9d81f1a21fdaca0da44815b65c0b |
| SHA1 | 5ee8bf3fe294e20ca5450a1aa722643a7aff205a |
| SHA256 | 5f07e5af5611c04fc00a1202c96c5fdab375318782739fbd4025f270201677e9 |
| SHA512 | 7c0d14eab19b0fee3d69c1c0f4c10c3549be6aa980c4376993a17a9cc8143dbe4bf3d383e52fd03b4417e1f38c0812e678574077b9605e5aac50cb9f382cf0e2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | d2fe7c624abadee7c83cf6f6cd39e109 |
| SHA1 | c611d2ed67ea93eb8cb1adad6defd3206363e8f6 |
| SHA256 | 124f47dd8aa68aa5466f6ff4ab23be9c3dc173548eabd94ebcc28126ab12c550 |
| SHA512 | 2c1d3969f556786cdfa2bd2f3472b2e0aceb99cd586541cfc3adde810f329aeec466b023b525585f06ddddacab05579ef2d8f445c68c655ed3fb5e341cd746a6 |