Malware Analysis Report

2024-11-16 12:53

Sample ID 240812-dscpxasgkr
Target ZetCheats
SHA256 77c6034ab8cf52f5285eb787c087d9a62d401bf1fdf9ca9f140aa4adfa23e5ee
Tags
defense_evasion discovery execution exploit persistence privilege_escalation
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

77c6034ab8cf52f5285eb787c087d9a62d401bf1fdf9ca9f140aa4adfa23e5ee

Threat Level: Likely malicious

The file ZetCheats was found to be: Likely malicious.

Malicious Activity Summary

defense_evasion discovery execution exploit persistence privilege_escalation

Creates new service(s)

Downloads MZ/PE file

Possible privilege escalation attempt

Event Triggered Execution: Component Object Model Hijacking

Executes dropped EXE

Loads dropped DLL

Modifies file permissions

Enumerates connected drives

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Launches sc.exe

Subvert Trust Controls: Mark-of-the-Web Bypass

System Location Discovery: System Language Discovery

Command and Scripting Interpreter: JavaScript

Browser Information Discovery

Enumerates physical storage devices

Uses Task Scheduler COM API

Suspicious use of SendNotifyMessage

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies registry class

Suspicious behavior: LoadsDriver

Uses Volume Shadow Copy service COM API

Suspicious use of AdjustPrivilegeToken

Enumerates system info in registry

NTFS ADS

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Runs net.exe

Kills process with taskkill

Uses Volume Shadow Copy WMI provider

Modifies data under HKEY_USERS

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-12 03:15

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-12 03:15

Reported

2024-08-12 03:27

Platform

win11-20240802-en

Max time kernel

347s

Max time network

668s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\ZetCheats.js

Signatures

Creates new service(s)

persistence execution

Downloads MZ/PE file

Possible privilege escalation attempt

exploit
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\MuMuInstaller_3.1.7.0_gw-overseas12_all_1712735105 (4).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zAA752198\nemu-downloader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zAA752198\ColaBoxChecker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zAA752198\HyperVChecker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zAA752198\HyperVChecker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zAA752198\HyperVChecker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zAA752198\MuMuDownloader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe N/A
N/A N/A C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMSVC.exe N/A
N/A N/A C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMSVC.exe N/A
N/A N/A C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe N/A
N/A N/A C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe N/A
N/A N/A C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPInstall.exe N/A
N/A N/A C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe N/A
N/A N/A C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe N/A
N/A N/A C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMSVC.exe N/A
N/A N/A C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMSVC.exe N/A
N/A N/A C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe N/A
N/A N/A C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe N/A
N/A N/A C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMSVC.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\F: C:\Users\Admin\AppData\Local\Temp\7zAA752198\nemu-downloader.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMDragAndDropSvc.dll C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe N/A
File created C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMDrv.sys C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe N/A
File created C:\Program Files\MuMuVMMVbox\Hypervisor\win7\mumuvmmdrv.cat C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe N/A
File opened for modification C:\Program Files\MuMuVMMVbox\LoadedDrivers\MuMuVMMDrv.sys C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe N/A
File opened for modification C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMGuestPropSvc.dll C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe N/A
File opened for modification C:\Program Files\MuMuVMMVbox\Hypervisor\SUPInstall.exe C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe N/A
File created C:\Program Files\MuMuVMMVbox\.backup\Hypervisor\.backup_info C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe N/A
File created C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMHeadless.exe C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe N/A
File created C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMNetAdp.inf C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe N/A
File created C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMNetAdp6.cat C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe N/A
File created C:\Program Files\MuMuVMMVbox\Hypervisor\SUPInstall.exe C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe N/A
File created C:\Program Files\MuMuVMMVbox\Hypervisor\vaddress\0.0.92.0\VAddressDevice.dll C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe N/A
File opened for modification C:\Program Files\MuMuVMMVbox\Hypervisor\vaddress\0.0.94.0 C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe N/A
File opened for modification C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMDrv.sys C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe N/A
File opened for modification C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMNetAdp.sys C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe N/A
File opened for modification C:\Program Files\MuMuVMMVbox\.backup\Hypervisor\ C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe N/A
File created C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMHostChannel.dll C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe N/A
File created C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMNetAdp.cat C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe N/A
File created C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMSharedFolders.dll C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe N/A
File created C:\Program Files\MuMuVMMVbox\Hypervisor\NetAdp6Uninstall.exe C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe N/A
File created C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMRes.dll C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe N/A
File opened for modification C:\Program Files\MuMuVMMVbox\Hypervisor\mumuvmmvmmr0.cat C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe N/A
File created C:\Program Files\MuMuVMMVbox\Hypervisor\libAccelerator.dll C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe N/A
File created C:\Program Files\MuMuVMMVbox\Hypervisor\load.cmd C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe N/A
File created C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMVMMR0.r0 C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe N/A
File opened for modification C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPInstall.exe C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe N/A
File opened for modification C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMProxyStub.dll C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe N/A
File created C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMNetFlt.inf C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe N/A
File created C:\Program Files\MuMuVMMVbox\Hypervisor\NetAdpInstall.exe C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe N/A
File created C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMCAPI.dll C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe N/A
File created C:\Program Files\MuMuVMMVbox\Hypervisor\NetLwfUninstall.exe C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe N/A
File created C:\Program Files\MuMuVMMVbox\Hypervisor\tools\my_upload_md5.exe C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe N/A
File opened for modification C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMDrv.inf C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe N/A
File opened for modification C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMNetFltNobj.dll C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe N/A
File opened for modification C:\Program Files\MuMuVMMVbox\Hypervisor\NetAdp6Uninstall.exe C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe N/A
File created C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMAuth.dll C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe N/A
File opened for modification C:\Program Files\MuMuVMMVbox\Hypervisor\win7\mumuvmmnetlwf.cat C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe N/A
File created C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMNetLwf.inf C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe N/A
File created C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe N/A
File opened for modification C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMSharedClipboard.dll C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe N/A
File opened for modification C:\Program Files\MuMuVMMVbox\Hypervisor\NetFltInstall.exe C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe N/A
File opened for modification C:\Program Files\MuMuVMMVbox\Hypervisor\tools C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe N/A
File opened for modification C:\Program Files\MuMuVMMVbox\Hypervisor\vaddress\0.0.92.0\VAddressDevice.dll C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe N/A
File created C:\Program Files\MuMuVMMVbox\Hypervisor\win7\MuMuVMMVMMR0.inf C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe N/A
File created C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMNetAdp6.inf C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe N/A
File created C:\Program Files\MuMuVMMVbox\Hypervisor\NetFltInstall.exe C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe N/A
File created C:\Program Files\MuMuVMMVbox\Hypervisor\tools\vcruntime140_1.dll C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe N/A
File created C:\Program Files\MuMuVMMVbox\Hypervisor\win7\MuMuVMMNetLwf.inf C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe N/A
File created C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMDD.dll C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe N/A
File created C:\Program Files\MuMuVMMVbox\Hypervisor\tools\ucrtbase.dll C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe N/A
File created C:\Program Files\MuMuVMMVbox\Hypervisor\vbox-img.exe C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe N/A
File created C:\Program Files\MuMuVMMVbox\Hypervisor\win7\mumuvmmnetadp6.cat C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe N/A
File created C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMNetAdp6.sys C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe N/A
File opened for modification C:\Program Files\MuMuVMMVbox\LoadedDrivers\MuMuVMMRT.dll C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe N/A
File opened for modification C:\Program Files\MuMuVMMVbox\Hypervisor\tools\ucrtbase.dll C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe N/A
File opened for modification C:\Program Files\MuMuVMMVbox\Hypervisor\win7\MuMuVMMNetAdp6.inf C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe N/A
File opened for modification C:\Program Files\MuMuVMMVbox\Hypervisor\vaddress\0.0.94.0\VAddressDevice.dll C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe N/A
File created C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMVMM.dll C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\SystemTemp C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Launches sc.exe

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\sc.exe N/A

Subvert Trust Controls: Mark-of-the-Web Bypass

defense_evasion
Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\MuMuInstaller_3.1.7.0_gw-overseas12_all_1712735105 (4).exe:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Users\Admin\Downloads\MuMuInstaller_3.1.7.0_gw-overseas12_all_1712735105 (1).exe:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Browser Information Discovery

discovery

Command and Scripting Interpreter: JavaScript

execution

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\sc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zAA752198\MuMuDownloader.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net1.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zAA752198\nemu-downloader.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zAA752198\ColaBoxChecker.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\MuMuInstaller_3.1.7.0_gw-overseas12_all_1712735105 (4).exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133679061769748483" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class


NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\MuMuInstaller_3.1.7.0_gw-overseas12_all_1712735105 (1).exe:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Users\Admin\Downloads\MuMuInstaller_3.1.7.0_gw-overseas12_all_1712735105 (4).exe:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Runs net.exe

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zAA752198\nemu-downloader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1072 wrote to memory of 4596 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1072 wrote to memory of 4936 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1072 wrote to memory of 1572 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1072 wrote to memory of 248 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy WMI provider

ransomware

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\ZetCheats.js

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff86109cc40,0x7ff86109cc4c,0x7ff86109cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1784,i,3215783760008269216,17860898838187345472,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1780 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1396,i,3215783760008269216,17860898838187345472,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2136 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2160,i,3215783760008269216,17860898838187345472,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2232 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3088,i,3215783760008269216,17860898838187345472,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3236 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3184,i,3215783760008269216,17860898838187345472,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3264 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3548,i,3215783760008269216,17860898838187345472,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3776 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4768,i,3215783760008269216,17860898838187345472,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4780 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4804,i,3215783760008269216,17860898838187345472,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4780 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4992,i,3215783760008269216,17860898838187345472,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5012 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5044,i,3215783760008269216,17860898838187345472,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5036 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5036,i,3215783760008269216,17860898838187345472,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4800 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3672,i,3215783760008269216,17860898838187345472,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5016 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3300,i,3215783760008269216,17860898838187345472,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3324 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5388,i,3215783760008269216,17860898838187345472,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5396 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5536,i,3215783760008269216,17860898838187345472,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5548 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3476,i,3215783760008269216,17860898838187345472,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3264 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4604,i,3215783760008269216,17860898838187345472,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5708 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4472,i,3215783760008269216,17860898838187345472,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5552 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3284,i,3215783760008269216,17860898838187345472,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4796 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5080,i,3215783760008269216,17860898838187345472,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2968 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5092,i,3215783760008269216,17860898838187345472,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5112 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5572,i,3215783760008269216,17860898838187345472,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5028 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5608,i,3215783760008269216,17860898838187345472,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5460 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5804,i,3215783760008269216,17860898838187345472,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5816 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5052,i,3215783760008269216,17860898838187345472,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5952 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5676,i,3215783760008269216,17860898838187345472,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6108 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=3764,i,3215783760008269216,17860898838187345472,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6096 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4644,i,3215783760008269216,17860898838187345472,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3336 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=3440,i,3215783760008269216,17860898838187345472,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5704 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=5708,i,3215783760008269216,17860898838187345472,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4788 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=3332,i,3215783760008269216,17860898838187345472,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3772 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4800,i,3215783760008269216,17860898838187345472,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6352 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6532,i,3215783760008269216,17860898838187345472,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6544 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6528,i,3215783760008269216,17860898838187345472,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6676 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4996,i,3215783760008269216,17860898838187345472,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6832 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3368,i,3215783760008269216,17860898838187345472,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6512 /prefetch:8

C:\Users\Admin\Downloads\MuMuInstaller_3.1.7.0_gw-overseas12_all_1712735105 (4).exe

"C:\Users\Admin\Downloads\MuMuInstaller_3.1.7.0_gw-overseas12_all_1712735105 (4).exe"

C:\Users\Admin\AppData\Local\Temp\7zAA752198\nemu-downloader.exe

C:\Users\Admin\AppData\Local\Temp\7zAA752198\nemu-downloader.exe

C:\Users\Admin\AppData\Local\Temp\7zAA752198\ColaBoxChecker.exe

"C:\Users\Admin\AppData\Local\Temp\7zAA752198\ColaBoxChecker.exe" checker /baseboard

C:\Users\Admin\AppData\Local\Temp\7zAA752198\HyperVChecker.exe

"C:\Users\Admin\AppData\Local\Temp\7zAA752198\HyperVChecker.exe"

C:\Users\Admin\AppData\Local\Temp\7zAA752198\HyperVChecker.exe

"C:\Users\Admin\AppData\Local\Temp\7zAA752198\HyperVChecker.exe"

C:\Users\Admin\AppData\Local\Temp\7zAA752198\HyperVChecker.exe

"C:\Users\Admin\AppData\Local\Temp\7zAA752198\HyperVChecker.exe"

C:\Users\Admin\AppData\Local\Temp\7zAA752198\MuMuDownloader.exe

"C:\Users\Admin\AppData\Local\Temp\7zAA752198\MuMuDownloader.exe" --log="C:\Users\Admin\AppData\Local\Temp\nemu-downloader-aria.log" --log-level=notice --check-certificate=false --enable-rpc=true --rpc-listen-port=51237 --continue --max-concurrent-downloads=10 --max-connection-per-server=5 --async-dns=false --file-allocation=prealloc --enable-mmap=true --connect-timeout=5 --rpc-max-request-size=1024M --stop-with-process=1560

C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe

"C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe" /S /auto_start=false /fchannel=gw-overseas12 /D=F:\Program Files\Netease\MuMuPlayerGlobal-12.0

C:\Windows\SysWOW64\sc.exe

"C:\Windows\system32\sc.exe" query MuMuVMMDrv

C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMSVC.exe

"C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMSVC.exe" /UnregServer

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32.exe" /u /s "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMC.dll"

C:\Windows\system32\regsvr32.exe

/u /s "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMC.dll"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32.exe" /u /s "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMProxyStub.dll"

C:\Windows\system32\regsvr32.exe

/u /s "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMProxyStub.dll"

C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMSVC.exe

"C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMSVC.exe" /RegServer

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMC.dll"

C:\Windows\system32\regsvr32.exe

/s "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMC.dll"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMProxyStub.dll"

C:\Windows\system32\regsvr32.exe

/s "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMProxyStub.dll"

C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe

"C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe"

C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe

"C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe"

C:\Windows\SysWOW64\sc.exe

"C:\Windows\system32\sc.exe" query MuMuVMMDrv

C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPInstall.exe

"C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPInstall.exe"

C:\Windows\SysWOW64\sc.exe

"C:\Windows\system32\sc.exe" query MuMuVMMDrv

C:\Windows\SysWOW64\sc.exe

"C:\Windows\system32\sc.exe" create MuMuVMMDrv binPath= "C:\Program Files\MuMuVMMVbox\LoadedDrivers\MuMuVMMDrv.sys" type= kernel start= auto

C:\Windows\SysWOW64\sc.exe

"C:\Windows\system32\sc.exe" create MuMuVMMDrv binPath= "C:\Program Files\MuMuVMMVbox\LoadedDrivers\MuMuVMMDrv.sys" type= kernel start= auto

C:\Windows\SysWOW64\sc.exe

"C:\Windows\system32\sc.exe" query MuMuVMMDrv

C:\Windows\SysWOW64\sc.exe

"C:\Windows\system32\sc.exe" start MuMuVMMDrv

C:\Windows\SysWOW64\sc.exe

"C:\Windows\system32\sc.exe" start MuMuVMMDrv

C:\Windows\SysWOW64\sc.exe

"C:\Windows\system32\sc.exe" query MuMuVMMDrv

C:\Windows\SysWOW64\sc.exe

"C:\Windows\system32\sc.exe" query MuMuVMMDrv

C:\Windows\SysWOW64\sc.exe

"C:\Windows\system32\sc.exe" query MuMuVMMDrv

C:\Windows\SysWOW64\sc.exe

"C:\Windows\system32\sc.exe" query MuMuVMMDrv

C:\Windows\SysWOW64\sc.exe

"C:\Windows\system32\sc.exe" query MuMuVMMDrv

C:\Windows\SysWOW64\sc.exe

"C:\Windows\system32\sc.exe" query MuMuVMMDrv

C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe

"C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe"

C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe

"C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe"

C:\Windows\SysWOW64\sc.exe

"C:\Windows\system32\sc.exe" query MuMuVMMDrv

C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMSVC.exe

"C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMSVC.exe" /UnregServer

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32.exe" /u /s "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMC.dll"

C:\Windows\system32\regsvr32.exe

/u /s "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMC.dll"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32.exe" /u /s "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMProxyStub.dll"

C:\Windows\system32\regsvr32.exe

/u /s "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMProxyStub.dll"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c "comregister.cmd -u"

C:\Windows\SysWOW64\net.exe

NET FILE

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 FILE

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c cd

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c cd

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ver

C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMSVC.exe

"C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMSVC.exe" /UnregServer

C:\Windows\SysWOW64\regsvr32.exe

C:\Windows\system32\regsvr32 /s /u "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMC.dll"

C:\Windows\system32\regsvr32.exe

/s /u "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMC.dll"

C:\Windows\SysWOW64\regsvr32.exe

C:\Windows\syswow64\regsvr32 /s /u "C:\Program Files\MuMuVMMVbox\Hypervisor\x86\MuMuVMMClient-x86.dll"

C:\Windows\SysWOW64\regsvr32.exe

C:\Windows\system32\regsvr32 /s /u "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMProxyStub.dll"

C:\Windows\system32\regsvr32.exe

/s /u "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMProxyStub.dll"

C:\Windows\SysWOW64\regsvr32.exe

C:\Windows\syswow64\regsvr32 /s /u "C:\Program Files\MuMuVMMVbox\Hypervisor\x86\MuMuVMMProxyStub-x86.dll"

C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe

"C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe"

C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe

"C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe"

C:\Windows\SysWOW64\sc.exe

"C:\Windows\system32\sc.exe" query MuMuVMMDrv

C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe

"C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe" /S /auto_start=false /fchannel=gw-overseas12 /D=F:\Program Files\Netease\MuMuPlayerGlobal-12.0

C:\Windows\SysWOW64\sc.exe

"C:\Windows\system32\sc.exe" query MuMuVMMDrv

C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMSVC.exe

"C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMSVC.exe" /UnregServer

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32.exe" /u /s "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMC.dll"

C:\Windows\system32\regsvr32.exe

/u /s "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMC.dll"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32.exe" /u /s "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMProxyStub.dll"

C:\Windows\system32\regsvr32.exe

/u /s "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMProxyStub.dll"

C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMSVC.exe

"C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMSVC.exe" /RegServer

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMC.dll"

C:\Windows\system32\regsvr32.exe

/s "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMC.dll"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMProxyStub.dll"

C:\Windows\system32\regsvr32.exe

/s "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMProxyStub.dll"

C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe

"C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe"

C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe

"C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe"

C:\Windows\SysWOW64\sc.exe

"C:\Windows\system32\sc.exe" query MuMuVMMDrv

C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPInstall.exe

"C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPInstall.exe"

C:\Windows\SysWOW64\sc.exe

"C:\Windows\system32\sc.exe" query MuMuVMMDrv

C:\Windows\SysWOW64\sc.exe

"C:\Windows\system32\sc.exe" create MuMuVMMDrv binPath= "C:\Program Files\MuMuVMMVbox\LoadedDrivers\MuMuVMMDrv.sys" type= kernel start= auto

C:\Windows\SysWOW64\sc.exe

"C:\Windows\system32\sc.exe" create MuMuVMMDrv binPath= "C:\Program Files\MuMuVMMVbox\LoadedDrivers\MuMuVMMDrv.sys" type= kernel start= auto

C:\Windows\SysWOW64\sc.exe

"C:\Windows\system32\sc.exe" query MuMuVMMDrv

C:\Windows\SysWOW64\sc.exe

"C:\Windows\system32\sc.exe" start MuMuVMMDrv

C:\Windows\SysWOW64\sc.exe

"C:\Windows\system32\sc.exe" start MuMuVMMDrv

C:\Windows\SysWOW64\sc.exe

"C:\Windows\system32\sc.exe" query MuMuVMMDrv

C:\Windows\SysWOW64\sc.exe

"C:\Windows\system32\sc.exe" query MuMuVMMDrv

C:\Windows\SysWOW64\sc.exe

"C:\Windows\system32\sc.exe" query MuMuVMMDrv

C:\Windows\SysWOW64\sc.exe

"C:\Windows\system32\sc.exe" query MuMuVMMDrv

C:\Windows\SysWOW64\sc.exe

"C:\Windows\system32\sc.exe" query MuMuVMMDrv

C:\Windows\SysWOW64\sc.exe

"C:\Windows\system32\sc.exe" query MuMuVMMDrv

C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe

"C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe"

C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe

"C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\sc.exe

"C:\Windows\system32\sc.exe" query MuMuVMMDrv

C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMSVC.exe

"C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMSVC.exe" /UnregServer

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32.exe" /u /s "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMC.dll"

C:\Windows\system32\regsvr32.exe

/u /s "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMC.dll"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32.exe" /u /s "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMProxyStub.dll"

C:\Windows\system32\regsvr32.exe

/u /s "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMProxyStub.dll"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c "comregister.cmd -u"

C:\Windows\SysWOW64\net.exe

NET FILE

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 FILE

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c cd

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c cd

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ver

C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMSVC.exe

"C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMSVC.exe" /UnregServer

C:\Windows\SysWOW64\regsvr32.exe

C:\Windows\system32\regsvr32 /s /u "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMC.dll"

C:\Windows\system32\regsvr32.exe

/s /u "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMC.dll"

C:\Windows\SysWOW64\regsvr32.exe

C:\Windows\syswow64\regsvr32 /s /u "C:\Program Files\MuMuVMMVbox\Hypervisor\x86\MuMuVMMClient-x86.dll"

C:\Windows\SysWOW64\regsvr32.exe

C:\Windows\system32\regsvr32 /s /u "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMProxyStub.dll"

C:\Windows\system32\regsvr32.exe

/s /u "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMProxyStub.dll"

C:\Windows\SysWOW64\regsvr32.exe

C:\Windows\syswow64\regsvr32 /s /u "C:\Program Files\MuMuVMMVbox\Hypervisor\x86\MuMuVMMProxyStub-x86.dll"

C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe

"C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe"

C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe

"C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe"

C:\Windows\SysWOW64\sc.exe

"C:\Windows\system32\sc.exe" query MuMuVMMDrv

C:\Users\Admin\AppData\Local\Temp\7zAA752198\7z.exe

"C:\Users\Admin\AppData\Local\Temp\7zAA752198\7z.exe" a -tzip "C:\Users\Admin\AppData\Local\Temp\nemux.zip" "C:\Users\Admin\AppData\Local\Temp\nemux"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=1444,i,3215783760008269216,17860898838187345472,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5560 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=6820,i,3215783760008269216,17860898838187345472,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6676 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=3380,i,3215783760008269216,17860898838187345472,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5460 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --field-trial-handle=5496,i,3215783760008269216,17860898838187345472,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5448 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5648,i,3215783760008269216,17860898838187345472,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5672 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5620,i,3215783760008269216,17860898838187345472,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6756 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6672,i,3215783760008269216,17860898838187345472,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4964 /prefetch:8

C:\Users\Admin\Downloads\LDPlayerX_en_10111_ld.exe

"C:\Users\Admin\Downloads\LDPlayerX_en_10111_ld.exe"

F:\LDPlayer\LDPlayerX\inst_X.exe

"F:\LDPlayer\LDPlayerX\\inst_X.exe" from=install|path=F:\LDPlayer\LDPlayerX\|openid=10111|language=en

C:\Windows\SysWOW64\taskkill.exe

"taskkill" /F /IM LDPlayerXCef.exe

C:\Windows\SysWOW64\taskkill.exe

"taskkill" /F /IM LDPlayerX.exe

C:\Windows\SysWOW64\taskkill.exe

"taskkill" /F /IM bugreport.exe

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"powershell.exe" New-NetFirewallRule -DisplayName "LDPlayerX" -Direction Inbound -Program 'F:\LDPlayer\LDPlayerX\LDPlayerX.exe' -RemoteAddress LocalSubnet -Action Allow

F:\LDPlayer\LDPlayerX\LDPlayer.exe

"F:\LDPlayer\LDPlayerX\\LDPlayer.exe" -silence -downloader -openid=1011100 -language=en -path="F:\LDPlayer\LDPlayer9\"

F:\LDPlayer\LDPlayer9\dnrepairer.exe

"F:\LDPlayer\LDPlayer9\dnrepairer.exe" listener=1377006

C:\Windows\SysWOW64\net.exe

"net" start cryptsvc

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 start cryptsvc

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" Softpub.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" Wintrust.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" Initpki.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32" Initpki.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" dssenh.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" rsaenh.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" cryptdlg.dll /s

C:\Windows\SysWOW64\takeown.exe

"takeown" /f "F:\LDPlayer\LDPlayer9\vms" /r /d y

C:\Windows\SysWOW64\icacls.exe

"icacls" "F:\LDPlayer\LDPlayer9\vms" /grant everyone:F /t

C:\Windows\SysWOW64\takeown.exe

"takeown" /f "F:\LDPlayer\LDPlayer9\\system.vmdk"

C:\Windows\SysWOW64\icacls.exe

"icacls" "F:\LDPlayer\LDPlayer9\\system.vmdk" /grant everyone:F /t

C:\Windows\SysWOW64\dism.exe

C:\Windows\system32\dism.exe /Online /English /Get-Features

C:\Users\Admin\AppData\Local\Temp\6D1B772D-FA57-4B28-A783-2AA0D341C6C7\dismhost.exe

C:\Users\Admin\AppData\Local\Temp\6D1B772D-FA57-4B28-A783-2AA0D341C6C7\dismhost.exe {439DE6AD-4A5E-4D9E-AD5D-F61209B8CBDF}

C:\Windows\SysWOW64\sc.exe

sc query HvHost

C:\Windows\SysWOW64\sc.exe

sc query vmms

C:\Windows\SysWOW64\sc.exe

sc query vmcompute

C:\Program Files\ldplayer9box\Ld9BoxSVC.exe

"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" /RegServer

C:\Windows\SYSTEM32\regsvr32.exe

"regsvr32" "C:\Program Files\ldplayer9box\VBoxC.dll" /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxClient-x86.dll" /s

C:\Windows\SYSTEM32\regsvr32.exe

"regsvr32" "C:\Program Files\ldplayer9box\VBoxProxyStub.dll" /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxProxyStub-x86.dll" /s

C:\Windows\SysWOW64\sc.exe

"C:\Windows\system32\sc" create Ld9BoxSup binPath= "C:\Program Files\ldplayer9box\Ld9BoxSup.sys" type= kernel start= auto

C:\Windows\SysWOW64\sc.exe

"C:\Windows\system32\sc" start Ld9BoxSup

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxSup" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe' -RemoteAddress LocalSubnet -Action Allow

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxNat" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\VBoxNetNAT.exe' -RemoteAddress LocalSubnet -Action Allow

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"powershell.exe" New-NetFirewallRule -DisplayName "dnplayer" -Direction Inbound -Program 'F:\LDPlayer\LDPlayer9\dnplayer.exe' -RemoteAddress LocalSubnet -Action Allow

F:\LDPlayer\LDPlayer9\driverconfig.exe

"F:\LDPlayer\LDPlayer9\driverconfig.exe"

C:\Windows\SysWOW64\takeown.exe

"takeown" /f F:\LDPlayer\ldmutiplayer\ /r /d y

C:\Windows\SysWOW64\icacls.exe

"icacls" F:\LDPlayer\ldmutiplayer\ /grant everyone:F /t

F:\LDPlayer\LDPlayerX\LDPlayerX.exe

"F:\LDPlayer\LDPlayerX\\LDPlayerX.exe"

F:\LDPlayer\LDPlayerX\LDPlayerXCef.exe

"F:\LDPlayer\LDPlayerX\LDPlayerXCef.exe" mainhwnd=2818456|language=en|url=F:\LDPlayer\LDPlayerX\html\dist\index.html#?languageCode=en&machineCode=e5acd10860ebc0f548df0a13f669490e&channel=10111&version=1.10.0| -single-process

F:\LDPlayer\LDPlayerX\bugreport.exe

"F:\LDPlayer\LDPlayerX\bugreport.exe" pid=0x0000186c context=0x720d90e8

F:\LDPlayer\LDPlayer9\dnplayer.exe

"F:\LDPlayer\LDPlayer9\dnplayer.exe"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004BC 0x00000000000004D4

C:\Program Files\ldplayer9box\Ld9BoxSVC.exe

"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" -Embedding

C:\Windows\SysWOW64\sc.exe

sc query HvHost

C:\Windows\SysWOW64\sc.exe

sc query vmms

C:\Windows\SysWOW64\sc.exe

sc query vmcompute

C:\Program Files\ldplayer9box\vbox-img.exe

"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "F:\LDPlayer\LDPlayer9\vms\..\system.vmdk" --uuid 20160302-bbbb-bbbb-54d7-bbbb00000000

C:\Program Files\ldplayer9box\vbox-img.exe

"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "F:\LDPlayer\LDPlayer9\vms\leidian0\data.vmdk" --uuid 20160302-cccc-cccc-54d7-000000000000

C:\Program Files\ldplayer9box\vbox-img.exe

"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "F:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk" --uuid 20160302-dddd-dddd-54d7-000000000000

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe

"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-54d7-000000000000 --vrde config

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe

"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-54d7-000000000000 --vrde config

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe

"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-54d7-000000000000 --vrde config

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe

"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-54d7-000000000000 --vrde config

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe

"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-54d7-000000000000 --vrde config

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.ldplayer.net/blog/how-to-enable-vt.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x124,0x128,0x12c,0x120,0xfc,0x7ff84dfa3cb8,0x7ff84dfa3cc8,0x7ff84dfa3cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,14723758879820788791,4708205324836227510,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1952 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1892,14723758879820788791,4708205324836227510,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1892,14723758879820788791,4708205324836227510,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2612 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,14723758879820788791,4708205324836227510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,14723758879820788791,4708205324836227510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,14723758879820788791,4708205324836227510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,14723758879820788791,4708205324836227510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1

F:\LDPlayer\ldmutiplayer\dnmultiplayerex.exe

"F:\LDPlayer\ldmutiplayer\dnmultiplayerex.exe"

F:\LDPlayer\LDPlayerX\LDPlayerX.exe

"F:\LDPlayer\LDPlayerX\LDPlayerX.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill" /F /IM LDPlayerXCef.exe

F:\LDPlayer\LDPlayerX\LDPlayerXCef.exe

"F:\LDPlayer\LDPlayerX\LDPlayerXCef.exe" mainhwnd=1835620|language=en|url=F:\LDPlayer\LDPlayerX\html\dist\index.html#?languageCode=en&machineCode=e5acd10860ebc0f548df0a13f669490e&channel=10111&version=1.10.0| -single-process

Network


Files

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 0bea10bef4e249ded87c42c2c9c6dd08
SHA1 3813f4398ce2f652e0eafc412cd1a4176b7f3627
SHA256 58421849c4a3540d0335a0b7049b3db99db9003f5b38cd6fa65f2289a0663926
SHA512 9ac966d00dfb38f5e8734c7ba7c9b9fd2b5a005ad2656389349b2e32992adbf0a70fe6a31fe25d99049abc5e08bd675a4b25fde6adb6763e12124420820cbc35

\??\pipe\crashpad_1072_RHRXKLCCTECVOOSQ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

MD5 2e4d37e67c0c9219bc1741bea704d3ba
SHA1 0886e8600f9cd85bfaa64dfa394ef4c8cdb30af1
SHA256 22407b23f3048c4f58f0a189206541b91bb0157a5a5fb695dcd1122088d4a9b8
SHA512 18220f689fe2cc5186c630baa400ecbe513e6fd10e5d3587183f488ff134a00c2413af6143beca8d87fce165d196feeec8d2257794133a9cb6ab012d4bb3df55

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 41ceffa0146b1c97bcfca03884361907
SHA1 f25566792600a6c284fcf8971a8cb99a2e926b63
SHA256 9e7b64716375d2f06e7692203f9dd720685868d4629f8bc24d661a042b81a667
SHA512 6c0cee16e6a9f9acfa58a545ccb710e4665c7540f14b9ef7a803b402edfa7c3223fa644788ba408b8d97826ed3a518118a14bd80a315a66b8dd1edc09ec017e1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c209c318cc2fae1056b00877aa983bb6
SHA1 869aeef5b59af973752ff42fa5551e509190edf9
SHA256 9272ba077c991714f5732be5342d87b2847520db1f90122633673102a49f3da6
SHA512 10c5dbd11097377eb896561eb2f1406e7f93e57abf06a082a707a386830d742bd148699e23f4cf260f4d70d25e788334acaa31cc241a9b3874f8a80dadd6a151

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\CURRENT

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\Downloads\MuMuInstaller_3.1.7.0_gw-overseas12_all_1712735105 (1).exe

C:\Users\Admin\Downloads\MuMuInstaller_3.1.7.0_gw-overseas12_all_1712735105 (1).exe:Zone.Identifier

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000063

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000046

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000040

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000041

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00006d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000025

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000042

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000045

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000043

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00006c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00006a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000068

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000034

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000037

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000036

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000039

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000069

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000035

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000038

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000033

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000032

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000026

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000031

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000028

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000030

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000027

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000024

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000029

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f

MD5 a0c461ee66541023906b6a64473ef5aa
SHA1 9e2f5e737c01743d6e617de244342da0e708bbaa
SHA256 9ab841716982da8d67b0a2c303c8a4aaa0cf6adb16e1768c5cbf8f8b2390020a
SHA512 7bbe352c4fdf15f995c34065dd67666aa0ccc6e523ef141d84229c30f357d283bc78142534c04ffd1b6751452975281a701371a919da34403ae1ccbc87a0643b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023

MD5 9394672cdbb31f26b477e3e992c106d3
SHA1 91f5e73ae35509d2ad682dc21fe93e7ee15433a9
SHA256 155e6a3017e1f775ce111b893ff13d3341b6f0f72a20e7aba47a231b3d9b78ff
SHA512 e92b7a4a678265de32852597a0ec5e4020acd49d9f71c2d8d8d08b106f61b9acca2bcaa705667539d81a055fe2dc394e783350b8077e099dc64bc719a6a91b39

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000090

MD5 e5592ce63e6fd4c9480b10373f630f7d
SHA1 b54de16601a1f4c5a69dc5d81fc32c1f9f506333
SHA256 ca9491d46ae822f37295f8b9c6f24d10347a8d8420aa6ae48ad59432b20212df
SHA512 54d7ba74c059216ba0b2813cf476a0bf3d5830fcb4901088556dc2fbcade52eb6040c2239e53edf800688d06596524db3eb20cb041a3d4d0e77b9885160907ab

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000049

MD5 e3e285250b974b09541d04b272f9a7af
SHA1 d7d074c08120d59680f091cf067ac05763d23fdf
SHA256 ac9da557e12aab1246ffd3b49d94c8d9613d092140c5f77c71ff9751e3e0912b
SHA512 4c7e36b62c84e6bc58dec335d8ae29d89fdd1a4c45c613eb8a9e7f8c80e3b6a418c59eb4d68f264af4dd5c4a5701802846bc69f77fb87ffa0ded3f66b2aa5f15

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000048

MD5 ae1bb7671f6bc1a1c7298da34faf2e25
SHA1 b557bae336659ac74660a56ad0712e3d2339a14b
SHA256 ec05d8b1adb2a9c3edb8a50f384bb91114b32c675b50bd0a5be60d5b3a11a54f
SHA512 0bb47f2fc999d6613a5efbb84abf42f0ee3cc641f17dad045d191b95863701ff19b6c015cc07b45dda8e79e3d045cedcbd5e9432c4d03755b0a1a93dceb84692

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000050

MD5 167969f0202fd99259b74cd31358b046
SHA1 a188735797c0130a3d263a5af594b71a73047be9
SHA256 767f60653128c1ea209a6bb260a46ebe183b30c5877640843901ebeb6e7d0dc6
SHA512 4b1e282b9738fbc675d8941c99ef545c659ad645e173da7559607cca9c15e697913bbd27f93d1964ea8fc074ddeadc49621202744a67204ccbb7cb3c879ec846

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004d

MD5 47684eced5b0dadaeca492b2042b7f2d
SHA1 3ae336d847bb71639c9d5fd0483934788f2415d7
SHA256 e8f4bc1e92a98a17cd3ba6d356d5ee561261ff7f581c0f313ee316daa85660b3
SHA512 52ff9d049ffe921890c6afaebe0b4360eec809eae42e1efb43499c9af1fa6d4b9dfc4a2ce6cb36f11c7de1cea252ea8ad6ea417cc4fbf2be0d9c3d0e03b48a8f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004c

MD5 d2ac3ce37eab5af180ed3cfde278739a
SHA1 32d2e6ab09d9024ea0133e09e5ffbe4d9d246ada
SHA256 ef65ab793f797d4173e7d0a5b36fc2f95797cdfb06570de4e16be4a5370bc5a9
SHA512 246d85cf60ac20a51137431c14fc702388ee667e286e0ec99b5c8e8df69a705c721b573b730e931c6412af140cb161274fe6da26e2682c8f148e9e13cef2f2dc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000091

MD5 c47a0381dc7584cd6bbc7d69999ee192
SHA1 03d636d173d04f2aefd8ce4897a78300fa676229
SHA256 88d33659149a0b7c42015f05dca7436950cce5fd297eef3e4cfef208ad5626c4
SHA512 a32b5a862868dfd132a29147c81d8cc5b3ffd1cafc227bed41cfb63662feee0a21bddff70b1143aa2e9021654f372c8b3397e1d952c5268bb6455c3cf1bbe400

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000092

MD5 f6d7d9ecffaa2c6af6adc2779a10b5c2
SHA1 56677a50ae4b6eb1253bb21e854149aea996e4ca
SHA256 e135e4dc992aa75a0d75b257392d65e5b9eccbff3ec6dab5f0001ce917f30e64
SHA512 974e6ea5c3e7e0318e3954c24f1610d153d518fe1534c274fb4380466df858876d9da529721c8dcf46714197025cdbc0a5cd78ba33021b724140f9ec15c7e7df

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000053

MD5 8863c89cd5edff55e6f04fda0c4ef021
SHA1 3dcb632bac365b7f961dfd7fff66e6990fd16e79
SHA256 1a480cd3b86651af71b4592dee221619d0cdf3790d9626e3ac12b688619b0937
SHA512 c5843b969521e74075d5af8c8bf1e6b5f186f2e6dd752c0e0be94122f0de5039aebfc64c603d1a7f533bbd72d26f70f7ce8a4e9cdc230f3d08afbce3fc7aac8f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000094

MD5 2060c5428fa768d7f4705b7a3aba1edb
SHA1 effeaad2f38bb8a319d4b29a7bd4a20e7bf194fc
SHA256 fd44fe9d1ea262f1e008eab15d45ad5dccca49cf785e156f0c5f0befda2c4e6b
SHA512 50244f2f981c432e7252461eb36a1aa5205980693a567dc5fe67b19e08a730180d15001d1959d326ba68e2f4ecd1c5c3275599222ddba8482ff259c66760e561

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000093

MD5 07302898edf72ebad1f1d2047e404896
SHA1 daf65473d1ef84d12f92e32b46eb85e902ef93d8
SHA256 763f142ad9a08d8d5db93999c31a414b08e1cb77debd389fe10f377b1e5a3769
SHA512 1ec090dce9cbbf6548745b656cb1482fa3573bfa3e77f0b32fd1d56d01be2b4a3680f272999e857ef507ab2fed3cc2cb53156b1575c57a2ce5fa75f695e73c85

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000055

MD5 fae726f0f474c69a6093d627bf3e5c29
SHA1 c8a8f5b8edd703562f277cb070d793beab9ef262
SHA256 47dd01a8bbfe777713d670814d0f877f30b566282dd1fed4b191660f8145c022
SHA512 218694d2473609bf4a2a3caa165da7881f2af5abb0b128be0e78cffe7fc58edf395c7a7f9f85e9eeb340f4b6328897b31e7710080678891d7a180d64a21195b4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004f

MD5 dfa6acdf248a53b8f372e5c62ae16ad6
SHA1 5b5ddb07c4db4d644a2585eb35c92090b195a634
SHA256 1e5834a8bda6e7c81273a593446a84606d1fd4b031b5628dc199665461e578ea
SHA512 4667bc6496e8e83b1c692c864500b6fe6f9823207cc94afb152492e7f95cf4063a0c50fe0619c57fafe830c3cc17c5e89d39d429b31f55d2e621140bdbc4aada

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3bdd8249b1ae63445a7d09b51336a48e
SHA1 3119f27225c1fd6c7ab09b232bf182c39ee05707
SHA256 b75772f26be8a7a8254b9f9c49c1aca0785681f345d89ae62a718a67aa07ade4
SHA512 dd862260c895fc3563358967f92ba04af16e0b00a6bc074ab83cc4f1438a38ccf45f5700541a6a7cc553316b68b13db5acf27c243ebc31741926133983abde6b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000051

MD5 ad7eeb23ee468460f96dbab2df60fac9
SHA1 fb65a789b5bd8f90971a8e93982fadd3147734f8
SHA256 1936c3661b0733c6ca6875c7d435e6fd2be564066b2c497d1605ddaaa09414c2
SHA512 1ac049871a05434d377f905f53d027e07c27702c745b0f17eee4be1d4399094a3d004b2594a1b96583e48fbfda7006e1e6237448eac0800ee338daa1f70b2d49

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000058

MD5 5abfa623122586a592511c2793a36d4b
SHA1 d23f1872d91ce39587701daeef9cc8189575480c
SHA256 f225fa93ed17fce2b52d58807678f6bc3ce72f5e1f57223db1cf94d7bfb01a74
SHA512 b7b97712f1ba1e7520f3b90175e33d7dcf0d2bd7be44883ce8bc18d785df140a510f21970896ce85154bcbbc1a5c1e13b94199bbe86bc02f9f2eb96545fcedaa

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005e

MD5 7863749a24ae0fdd3e63f65502a89a52
SHA1 93122480f9a789036da9fd87594a6ec34821dfd6
SHA256 b221b1958b17de74fbd4851602e1e96ff1c995d955752eb72d3cac17ed624b70
SHA512 6ae502c095423bce00ffdf714fb3b07c18e60b828395921656a4850f28677ae23ffe2a0290b8a53caa05ed917a5a02a201e31b703781273107d7305da088c77d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000065

MD5 4d8fd46a7ee29657d47a24c92b72e954
SHA1 5f05e938a84d043036844670ec9e9c85c71a4ccf
SHA256 9186fa1392e877f49beb8733c0f7de1172689c46822806068a1d815ec7a65417
SHA512 8caa50d08fb1bce18b00b877b5e066ee2ebc71db64109345c6ec0aec63de1ad96fde5ae7a7c6001e834bbc4cf945b5c972ce2106fd99d3957ddfbfd4667e38b7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000097

MD5 17bdb0f1269013b4c5a77b8b9a831d0b
SHA1 d1f8b2439cbcf857543d10e02ca7ed08cbd7423f
SHA256 469454c0e67d8d9422cea30ee57578c515eb425b3bff4e2e52b07d6b7cc60b2b
SHA512 ca419b6ff2264b25e30e5eac5f9c6679afafdb7e3a404d89f377b031c665b2a7186ac4b4f1242f2c36a973175989ddb7c90e980b9b5aaef3570587a5dd0d136e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000096

MD5 7a269330291f55b690892abbbb79c449
SHA1 6d3902bfa24321e9a7afe489f8b4f3ea69e71d3e
SHA256 7a15f6fc596451231a092d1357327fbe3e151b1f48dc3232c508163870d20960
SHA512 6c0d8a1760b1b91ddfb9cc6dc16a80e763c813b9f3645ccf6519302d320997f68ca38ebb51249dafba791d47815bff481c498f3d06d835c33d9e6798349cb4da

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005b

MD5 38c82ab588424ded8a1232e42691bb3c
SHA1 78af6dfba7c46d1ca1a41cca5f7c738c6bcd1f03
SHA256 1482718a24feb749e9233bf364afa7b6cc6df0ef75260316d08610ac465e5888
SHA512 ba14f66dfbc1623c80ad2f32c7c666392e269b365cb3b85fd567e4440f9ad4045e027409a6eaa66ec5d56374c16fdea3d447a554bc8e732a865303ed84cbe75f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005f

MD5 6f1d20a8401c9598736cd090184772a8
SHA1 924c541f02efb4d29dad744d7f5043825019985b
SHA256 cf1d92b7342c597edf6bba6e48bdd27aaa8671bc97a8606e04e2a372645d9337
SHA512 384a6da43415f15ab81a132001db33c4adc2a9f23771245f3d2ee33ebb9ac7a5614bf6b9c9014d92b7370cce6d50fb0bc734baedcc2de456a8b8840dcd082d8f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000054

MD5 0922172019cf1a77223f458929d7a692
SHA1 a67c599077a93aef452516dcf6f3bcf41559d916
SHA256 ace2b0492847bb6120c42bb942ffadaefea365beae34fcd8a420313aa217641a
SHA512 a42eeb20fea0803d0edc1c97870f6b0e03ffdb00ddbd606d992961ffe1e73bb811e6f5cc98936a7a6e4d494b36b4da975753dd4a62a158bcebd37670d7e5216c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000095

MD5 c208a1473b01cbb420850ec930d1ae26
SHA1 58bacdb861c4656786c5e5f3820077ad0c872523
SHA256 75d4715e7eed4018c7d30dff5609641659cd61896f239c29442f2c99ed9b2665
SHA512 9899d3ed6a0d3d50e71910cf2268405c65907b40b501d2f5d8fcee97bd995315f5766dd9dfd1f4691c71e7aecb591948c6833e7bc135363fe00ce1fd3849cc2f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000056

MD5 d68cb17171716515b82b0322b7f9d550
SHA1 f6fd86db5006698df18aef96e9099674acbe6c2d
SHA256 46a0f7c9330507caf2be539f07eb3b264e46c33663521fd4f46e2ca10f3c2c64
SHA512 84b287081db8277ccb11fe91f726f0f6968a1dd0955a6ac1d745cf59fafe5b28c605971b072431a096122e9a443f9630a47689b901b5dc16443489c3c24c40bd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005c

MD5 579d1fa5593d03c256e2b19e5b6659c2
SHA1 e6079309c9db9298bd7421b0bb72dbe7f71e66e7
SHA256 eb0f463a09590e3cf7e70580284d3ed09c0641430276dbff1b62a40970f3b7e7
SHA512 ef0625ec4c60da6d43570407696f3610ff3a8bd269959e8f75e3a95f82e3731fe5835860b98cf280e948da38ae4f7d8ee67fdeb90e2a8447370985279826828a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000067

MD5 b5b7621cb6e3c5184b1eab8e7a6e6f7a
SHA1 e0b106d6a6cb6c4c598970cc758cfb52bda31bd1
SHA256 5acfad2489c58377b95560625f8325d5d32cd57284dc7ea079393961d0b9ac25
SHA512 5f6878067bd92eb5ca057744ac45a80203c2274c846808dad7dd5be7eeb4e4942d39be84ec08bf043afe80b2b4298d67d4b39d25e2b56769eb0e3ae7624ca8bf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000066

MD5 12e30a9a155305da392a96f99b964f38
SHA1 b4e61ef6d0e51fa19beaa3e9d830aabc41263057
SHA256 d1a45d597f74dde4dd1d8abfc7f868aaf7b4a96dd332140807ddcab3c0aeb48c
SHA512 c71e838e3db0eada8e476f3bc893762f2e3938fe11f9abdf53bcbc005af8099fb62fd78e62fa3d7ba8faca02381ae57eed03ed97513bdf1f3caca6a069fa3377

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000064

MD5 bccf5f69c5af22d312c30368d73a7c90
SHA1 a280561cf5489664f76f83774a0628ae22e60d1e
SHA256 bb74a0b58002bb065df93f9c6addd6e287bda43069646859a230e6c321c1dfe8
SHA512 a29bbd8f30b6549376c4195d003764dcdedfb4a7ef5c356f163074d1ddf6116ea0f04b8b4ed61bd1b21205740faf40af05671a4c0c89f38ed67ed00d8a214288

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000098

MD5 698777a3cb0249cc95e1f3293ea104c6
SHA1 0913782808aa46c909a554f668af84438281f774
SHA256 6e81b63ab383d0f12ef50d60003999fd6d0986e62a5104ac49ad0a7258706946
SHA512 acf540150184a49c86916122a9bac1b8debbd39a37f25ef1ae2159d9ae59da7db9be2062721fe174d08f84f2ba79a5f5d4af4583f24af543d7c81488dd2873f8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000062

MD5 f83e5a661af58ab8f2e58739bdf72e25
SHA1 dd434a4573bd4c29f932e8f383289107dbfb918b
SHA256 bc3294544dfd71c23363cb9c76e11acf3b0155bfbb4ba6f0bb8a7390311e3747
SHA512 06ec084cd941ab4bca5c677145f0e3e3116b25f774279134fa23ac13151c5ac3bf3c250f76803af61dfdb099f9c110ca3290085476eb3f08b77bae2d535486b6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000059

MD5 6effac16abf6e2b61ae1ea5a33a0ff26
SHA1 714fade0383bca1d6a2df311531bb6226ace533e
SHA256 f3547090e20119293a349a750138b319ed37a4824c63b625b7628604b4420e15
SHA512 2a8df9910cda4bd4b25184e77c2a89415a52dcfdcfc741062a6b57f6bf50c63c0907f9ccaf0bad925fcc4322e2270a22fd6f0add798bb3f506c71b1b3d14e575

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 2d9c09c6fe2ef50e02debe589133bb2a
SHA1 4aad5aea933122ca6b9f032afdda332ea20a9735
SHA256 d61429d0d7f5e9b9bdd1128ab5267dfe42740c61828d02795a0fb8f11bcd7965
SHA512 259dbf0eed2f542e11116959c5eb8fe5a6fa92170208cb9159c53ae52be41c4f93891be95b40c1547d251151a1acceeff742ad041825105070bd857d289fb63b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 efdd45f17763bc8451f4e7dcb06babea
SHA1 93210a6c455b023e690d7060ac5b44978c74f96d
SHA256 3a1aec1306150676f03bc7c237f4c2673788c62306693fd6fe2713b7e6b07a6a
SHA512 9024191135e28be961652c0a077a46e0d8711016488964a475f7b31804d8a9d49183c70261077e19a4d2e5f88acc789ea81575a7cbc62031e8b9e0744235896c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 bd68ecdc6b965c179b49043047f503a6
SHA1 4392c6e209a9aa5b56290ce6b6bf5cb5e83ba2f6
SHA256 f78f7d00556e8657c819584dfbcc1f56a790d88ac69b87228a037b5f7a6c9711
SHA512 bed5499515634adbae73b44a4ad8f1b7d793496bc1a7742b4561696d0f3955c3b209a040c2263951ee24706cbfe9db6a272f8220b260ab398ab5e54cc7db1446

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 f5eea1734f2f9ba068e4afd0eecf4d18
SHA1 3be2317498183f3301e4411b52c3825bdc1134e6
SHA256 7c828d6c02139f15121abb9816fd3f7aa13b110b2981d244889f8f56364b9913
SHA512 e5f25c852789ee575e63d2fecdbd69e3dd4386348adfe27ce96ca4effdffb2919710f70334b0b1cde606b1b623d011b689cc19292eb865e8dd24e533a23bf9a5

C:\Users\Admin\AppData\Local\Temp\7zAA752198\nemu-downloader.exe

MD5 cdf8047ceae80d9cd9eb798a57bf6084
SHA1 8e7971401fada3099aed61849745fda37e1c0d32
SHA256 1f01a9abac64fae72e0a253ad9ffe2d62cd2967c1c2bc90fb956ac446fe2b11e
SHA512 ac366f38f39b935110192d1355147392ced5a21966cc22386804356dce24b2da7971a6a60d675689f93d74014d961bfb3b0c13cf06809b9f9feef580045e20dc

C:\Users\Admin\AppData\Local\Temp\7zAA752198\skin.zip

MD5 ecb43530caf9566c1b76d5af8d2097f1
SHA1 34562ada66cd1501fcb7411a1e1d86729fd7fdc0
SHA256 a12381f97aee2d91568f44b23e866ccc99f0ae5e5961f318ed24b72f4f5da80a
SHA512 4a243c0bc4dbaf892bee91ea7eff9e6a7732d3aa2df5bebd9a4bea2859a30a8511945ce3bb823f7ef921f2e1a98906fb676fce85f25fd5908646b3a2f5d02563

C:\Users\Admin\AppData\Local\Temp\7zAA752198\config.ini

MD5 d00fb4c61a255b58ff09886c6c72461b
SHA1 4e4f7d7ae36f67a4d6fc8479f8400b3eb769e978
SHA256 77dec4d79e1e844a2156f101defc0fc81c138a989e8ba1c722c58feb91b3cd4a
SHA512 8494ab9fe0594f3ff7b0893ca3e25d6d0a706e546e92c5b662aa864affcefe5f9721a6a95f37f40cdacf39d27a23e2b3cd5dbca4d7b8909cd7c186209d4b46db

C:\Users\Admin\AppData\Local\Temp\7zAA752198\ColaBoxChecker.exe

MD5 839708e3f96cf055436fa08d6205263c
SHA1 a4579f8cb6b80fe3fd50099794f63eb51be3292f
SHA256 1373c5d006a5dbcd9b86cfff9a37616f1245d1333c4adcefc7cd18926b98d752
SHA512 ece67e031e06a0442d935e7d81d0eed57ae92b348b5d104423577478ce226e4a4bde834c54e31d33bfe6f574fb7798ba96886d9e8edb738edee6e7c9c43054cd

C:\Users\Admin\AppData\Local\Temp\7zAA752198\baseboard

MD5 68b25ff1ca6537e60b28945032d06390
SHA1 7e854c12cc271355b90126cab7737eac2fe79501
SHA256 7393615ae881bc5c5d9a2e02f0be0f488908ce33bd54c8bbbb86c927c46cef19
SHA512 9a87e707308811fa294000d38fde0c1ca9f72629836bb28039660772139c7d4e10a7347e8b2a1ad4e106e4c342ffdf8aa6da512ba5f99195cfd50e29e53ff864

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00006e

MD5 73b7ffc23e374a9d692ae2009f466ee0
SHA1 174ce516de6ecc43fc6f9c2a21a8e1ebc9ab465b
SHA256 45a420b8c3b464180359a80107db8cd584178b481a5ed01e5c709cd2909363dc
SHA512 aa1c3440f74103b7b82ed35f05ec9e573c959fd8ba3166f92f1208832e5385b56aab2ca20c46ffa9a36c18652fb0f8fef227527fcd3a627d3a3623b00c1f7516

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000099

MD5 0fb022d4ff890cc3439d144005da6a90
SHA1 edc9c0d948b6550424b9f28a0bbb41c24cff8e53
SHA256 352fc9cf18277fde383b6efd8c9d8bbfb2832a91baa294a414471714046abe1b
SHA512 6b77d2ac71acb4b8a26485af781cf0b4f3e7988eedb1e3610734c7f4d4239c0c2c4894a1e6ca67f26d666f8a88630d2fa4ebf2a3cc9823e0afc89315e1cdd132

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00006f

MD5 4bb4a84bf5e8aa060fab819184c9fe67
SHA1 f9811c8a8317e2068966a8f40bc0275738204be7
SHA256 bbf5d09f5ec09631888313ec56004909aac11595e9a6d2afd9669a5d38db14bf
SHA512 0fb2eda75310c32879eb8bb6984bc201f3338c5fbe8faf4645403b68c2d1b8da5565977f6ef1b3378607169f3d25bde3acccd5577ed607272f35477877986f01

C:\Users\Admin\AppData\Local\Temp\7zAA752198\HyperVChecker.exe

MD5 dbd84c6083e4badf4741d95ba3c9b5f8
SHA1 4a555adf8e0459bfd1145d9bd8d91b3fff94aad0
SHA256 9ff467bc5a1c377102d25da9fa9c24dcc4375f456510f71584f0714fdfb2af39
SHA512 fb5fe74f64254609e07d6642acf904562bb905cd7c14c6f85ba31bcdbaf06686c0586609ec4f5d2f8f55ff90334dcbb774a3a6e78df74bf1b1d0cd03dec21870

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 38fbe6082b52e3662013c35ccbd3ff5a
SHA1 a0eab6e7adfafef9b52ca797e00b2a9da29e121a
SHA256 a5346144d2f437dad6c293216e44329ceffda564be0a732f9adf2ab34454cc26
SHA512 463c2861d8308958cc4f0c615926e3dce907421dbc4958777c756929a4ade36da29af198a3dc0f8e60ae854763be54cd4823b904ef3f6de63b8187dad3400979

C:\Users\Admin\AppData\Local\Temp\7zAA752198\MuMuDownloader.exe

MD5 2f3d77b4f587f956e9987598b0a218eb
SHA1 c067432f3282438b367a10f6b0bc0466319e34e9
SHA256 2f980c56d81f42ba47dc871a04406976dc490ded522131ce9a2e35c40ca8616e
SHA512 a63afc6d708e3b974f147a2d27d90689d8743acd53d60ad0f81a3ab54dfa851d73bcb869d1e476035abc5e234479812730285c0826a2c3da62f39715e315f221

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d0ed93a65d09571e6a686c117f372d56
SHA1 ce9f09c535c51ec33a4bfe7e34e76672a355d8b9
SHA256 d39ae09173ff690f2c7c4a309841e8fd27e66ae480f3ffc437c7f17b99e340a8
SHA512 8762171fce3c46c546047fd9ef46e38b308ba64e161b9799ffc723b3b7291b1c7276dc27a6e17682cf1172490a6eb3d97d5779a6e8f683d86dbc93621b3735d0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c2e66c40fdf6b1b6911b9467612fd5ac
SHA1 e10aec9f736c49ff472ef00dd7d69bf722d969af
SHA256 4052143fae1d2ef13f92532ac132c62dbf297975c624136c40024b2cbd93c621
SHA512 80fa6607f83bdfe49b5160a77352079d176c5d33314cd51b72c07f9d769f76f64d5532dab0d28319069b68eae76f9f7b9cc52048e503cc944b89163680f7a25f

memory/1456-1339-0x00000000000D0000-0x0000000000685000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 4b66f25c0f4ba8668ce45acd3042dfee
SHA1 0ef7e4f629f8965ce98a927c559da9afa0aa5bf2
SHA256 140817242e2e478fa203de85d2a18b29b9dff5a19a909f115e1bc6223fb8fd44
SHA512 8f0c59dd98cb1b61dd18da45017e86c4823005bca7a35d78f9df0e6300eadcaf2e9a24e4fef1a2fadac7e9a9fc81506e7232c0b8bb41f07771d957edd05906b4

memory/1456-1349-0x00000000000D0000-0x0000000000685000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 29034973dba84d29bb289baaa8d98016
SHA1 8b799377ce709a5f6bbaa528ea69c9d0d1a751eb
SHA256 600e3811809e7ad32fe97c59ed98201d5f6462deb12c7fed457670ae8d5b068c
SHA512 23462609c44c7c324de7d063e428cc1e0949c2a11b707b042cfc367f726bebc162a6a756e78fa9384c1b309563ef5847fc0adbce3b8a03775d4a88b6a408214c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 8ed0bb1cdcbc9802fae0876faff95a43
SHA1 b291e3e5df8c9ac014e2516ddf8f2c5887468447
SHA256 a79467bd3787f136de477a8f4c607fd9f534c6a82718c956f93ff41db1c26e77
SHA512 d5b39bc2ec5285c80abc028761ddd49b779c0a7bc71e10f890b0727b13ccaad6bb9ebd641fd03a9ed04f6b364cf9c370ad45c37ff13e993e34eda2368c1a027e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 618ae928d47554851fa21cc351d3aa3d
SHA1 a9255cb065b1a51652149aeea9a702ec866cc01b
SHA256 add8410a7cd6ae184a9024f2d8da5a9083096cbbb70af67537612549aca3ea4c
SHA512 ae0f9df1dac3838cd91309ef72c58e86621aa74d680414e6c8e2cc8731f1f06e46aff3c4a2ec644cf25a38dd7d16ea56857ed17a0585969e9f2ad47169b97410

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 eefcefe3657eaeebf8f41a5f643ef2d3
SHA1 65341dd652bd09ae64a2f98355ee20d6cb4cb17d
SHA256 51f7ea2b63d094e6911cfd39ad66149f6b29dd3f4008572318f0a873ebdbf7a9
SHA512 65008eb5c8167d10ba118392cb2e653787a270a538b255867b895f5ba5ee7a633b8b68a596b6d233bfc3070dba8da83f8edf56d3f463ba054035de3a28dc02cc

C:\Users\Admin\AppData\Local\Temp\nshDB5A.tmp\LogEx.dll

MD5 6eba32325d2db645c958c551f0aa2e31
SHA1 b116cc9ff0369af681ebf805a1a3befedd9ab868
SHA256 cf7b45a69a13551db95dcdefc8bfdd4128e1c1db67198347b43469b69c36b844
SHA512 6c48038341bb16ce50b01c99f8ebfc919adfce61008d9718c06d55e92e54625ed2ab6ac850592e847bca61d7d57809dd531afeea4f0fb0c8310cfe1710f37927

C:\Users\Admin\AppData\Local\Temp\nshDB5A.tmp\System.dll

MD5 283555de06751c261b66243bbb1558da
SHA1 4532ed4e255ad0163494a02081b45e893ad666f9
SHA256 b6298637fea88a44e4de3f6b7fe254fb73857c08f1dcd8bd1af6f9eb5e6e7e3c
SHA512 469dbb4b7cc0d4f59d903415fbb7ea6417323f0daa2aeb2945a9744668f3d9fa95eb34a9d64a647835b563c74c3484c6d4b823a75119599aa5f975dbe471d3ab

C:\Users\Admin\AppData\Local\Temp\nshDB5A.tmp\UAC.dll

MD5 b7e1d609915cf0b3f9dfee488a92fc91
SHA1 d9c873b39e3cac648742568378fe788b2cae6e84
SHA256 fa3bb333f615689691ff98527dc3341e3b8ffee4bf97c6128820bf0d303930e7
SHA512 ae4a00659f522996600bd0754b2f2706e297939ea616ada66e590409c6c2f28ed7ed39b67a078ae72e9b472a97291c7f3da42339051ef1a3d1941b0368b2e775

C:\Users\Admin\AppData\Local\Temp\nshDB5A.tmp\UserInfo.dll

MD5 cb310d97bd72a6ae8fc6e44c88ef9e8c
SHA1 ed935c8f17340fecb7021dddd9dc7de0e23bf487
SHA256 d6fae2e57c84b25b73fe942fb7ba725158b21ec81c9d989845b64ba1ee337c27
SHA512 8351004d0bf86c5577940613cee26803d797b2375038726ce31827d66038664aaf74399d7d5e11c6487012942fb4f147b7021d6e887ac09c39f541991f594f9f

C:\Users\Admin\AppData\Local\Temp\nshDB5A.tmp\AccessControl.dll

MD5 bb0f26c7a18434ee1d648c7e6743d1fe
SHA1 f7503b348aa7c7691668fbb64ccd541e247f87e5
SHA256 1b4d25f2f544f520c20493ee1e9ac7b3043aab88e4ff87953390d357de4c2096
SHA512 4311e960a4f8f441b25c5ec9a82d64112016ff9c4510dfb082a0c1bcce2d03cb2871912dcaafc5d00f07ed9ac4d6d7998cdcea2bfc84f7180b2f62a2cf24e08d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 535a0e4b4f9dab8a2f5ab16d393fd994
SHA1 b149bb34cb1c7bfe5e47a0a3a46b36d04387bf81
SHA256 c55854373a5db90e7bdd74a2a1823476fd9e721d9ef434ed282058b15497bf13
SHA512 63f21974d5955867cbd767616508e58cfcbae1f72a497718771979607dbfe72049eb3329f9a674bc64945503a300a3f6304bc2a6dc83f8ba02b619d92b45a0cf

C:\Users\Admin\AppData\Local\Temp\nshDB5A.tmp\nsProcess.dll

MD5 b6cd62358973125f52d756d6d3aee8b2
SHA1 7c9fcfa85a88c507517a659f778355b56cef921f
SHA256 44c14f1edfe7deef518264675e3e4edb6991d5ea0d50f0f6b18a819dc31bbcba
SHA512 a5b756e3e1a31ad7ad9026bc492de2ef8983385e7c920a2e3eea363df3c6d112cea2a0373cd9bd8be1fb3536ee9623c6844b3c7a92d8cf6ee050aeec7cee76bb

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMBalloonCtrl.exe

MD5 8a7994be6ea941296b492252de59cc74
SHA1 c5f3ef41482961a89f5649fa3a229fd334f2d268
SHA256 865e6e5f38e3bcefd5d06c4591208f2d555af5294829a4cfff55299ca230dcbd
SHA512 9d20c3dc2582ed252dac46e323c31e019fa8d1e7b8c777596b0e512b57edf5c755112adad2d0e0db0ba8e733a07bc6b895ee024293b1045bb359fc0b0c70ddaf

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\libAccelerator.dll

MD5 8041ed0f7b41a89d6aa0fae432ba9316
SHA1 4c30b8a9647cd06a7c3c6d883e1dd9ccbd7f716d
SHA256 5a5f25c1d17557c9cd8740967f2c8de8b23d1caff2011043cf61e4b59cabb9ee
SHA512 3b3295605cd2d043ea6ebb0e0489f2225d85e2915a1f15e1f8b5424fd7140828f3e342a65c42aa5ca243ba3f10e1e27ecb5e16865484e407fcfce9aa8b96485f

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMAuthSimple.dll

MD5 271baf8cbf8282a9310a5026c2f42d03
SHA1 cafccdd75c95d06c9d4849b7009351a9459ec7a7
SHA256 4e61790ff8ea8279a003c0427d86248dc74643ceef14dd0bc6543ed008b960aa
SHA512 9a9469920d86b75f1a95817e8c3bab4bd4d17d3240b5837d7777859a947c5a0e4a3987f1b0c91c4366ca970acdbe81288b9e2cc170202a972b8394d6c7667bd7

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMAuth.dll

MD5 419874bf64461f173a2dcde30a9d068a
SHA1 0cedd525d703e5cd680570d79476ae5600cae796
SHA256 fc8b92180b01e3c0579a8ade48fe5c98aed818de0f93de16565905fe90b3d092
SHA512 b5389d13e36424b6d205334bff0c82de657463258aa8cced5cb5b6dcbac6b16c81339c8254fbed77d1f49896c8ae76ed05a05b6afe224abc34dd99cf744ce882

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\msvcr100.dll

MD5 df3ca8d16bded6a54977b30e66864d33
SHA1 b7b9349b33230c5b80886f5c1f0a42848661c883
SHA256 1d1a1ae540ba132f998d60d3622f0297b6e86ae399332c3b47462d7c0f560a36
SHA512 951b2f67c2f2ef1cfcd4b43bd3ee0e486cdba7d04b4ea7259df0e4b3112e360aefb8dcd058becccacd99aca7f56d4f9bd211075bd16b28c2661d562e50b423f0

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\msvcp100.dll

MD5 4f096d96285e06cd51aef7d2d3de04da
SHA1 c90ef0eb5b1a0b1b85ad6792291747fb6307dcdb
SHA256 5bb420fbe28315f2117376052bb8488ce84a3398dda65005b8ae1f792017e9a8
SHA512 80f558c50a71ad9c4930b3838b481e4fb453c38d57c91f7f70c1f86e4043b9a4fbcec27d7c025285504cbf3bde7c50b4770f18121d7818ac58e2ee9c2071f97c

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\loadall.cmd

MD5 571b20f2505a377eea3b6a2bcb2a31f9
SHA1 6240b4fb57d2844fc7a5bade5096f096617a86b7
SHA256 13f7090c7200549b7853e929931ccff1ba29e3497286d37866c14232f1048c8d
SHA512 930b966ce36d21014bfce9e117af38718ad0a0ea1b49bc1fedc6136ff71b043107cb07d8a879e3588dd64f45c2181fa7db6261363d80f5bb31144fda673d34d2

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\load.cmd

MD5 cc59f91feffd99c115c0a903cff28168
SHA1 e83df545f5d390d0b7210f7aac0d4ef37e00f0f2
SHA256 25bd2bd5472fb2097f2e79e66ffc3bb6aa3d2f974bf9b43d08045f09928a2efc
SHA512 46369b7866fd4215620806a7c12938865bf7416447ccd3fc15cfc6f3905bc4ac07a162b015586183e3c35ff17b607ba963f6ade3de81f15401e2d6d3418756d8

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\comregister.cmd

MD5 4c0c8a2aee978f63ff9c9bb91eaa98ef
SHA1 784043ee7acbedfa92ede9c6aface266e6ab0606
SHA256 dcddc8c892e73bdb7e3a05d3d7e5ff8cf193ec1e27497a3c0bf5641dc542ccbc
SHA512 cb22df98ec3e32d315e19bb139e08354c30fd64bb7ae11fd86633c042e9128dea0be1af275a9438f90114d1013d6e662327c3add7ef60797aacfd0e22c83bc62

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMDragAndDropSvc.dll

MD5 371caf53098440e460fbd066ed7f7151
SHA1 4378dbb065a7a396d21746207e25f58863ca246d
SHA256 1e734e64d47242eb7ba4a6d128527cf5c7b4d32ad8640b5801921d579b626911
SHA512 01cb377c8d43647da58d089ae027d2f483606afd6686c4bd59e50a1b98bcd422ea833a3bc2cfdebc8f247c10ac3e4692f9ee887dc1fa2ea6de1596bc6077521e

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMDrv.cat

MD5 4d215ca4b7e3cccedc021955f3d8e0dc
SHA1 34281419e17cec26a26a39d74408d80c3a7dce6e
SHA256 67635e38e615cc70f6f6754ecc2d7485914a73b80685e057590eb4f72c1b5441
SHA512 13cdc1f631fad080f4539a65a59d050c7e42fad545f3c190bee5a2ea1b3526df0790f3c8f423b73ca5ab3e71ccb40c603174ce31aee77d24702c77dee8ca1865

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMDDU.dll

MD5 8498781afeeae6dbe42441472a43f9e1
SHA1 a45d908054e6777915c97c2a64a00fc384e302d6
SHA256 6d88fddd662a54924a979cdf1c3f072cbc3e2b12e3cf0a233009a78715435bf7
SHA512 78bf1e68eb7109d71cd28776b59d2b3f38024615942298d411b98486ed60bd01be2dfa9dab4734d54c4559f6affb348c1ec6fa82fa446b376e92241575b21597

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMDDR0.r0

MD5 106dae22290adf78a229d6d3ced17d92
SHA1 816485b26e9624174fa4cecebdcbd0a46d38f8e6
SHA256 d6d4b05170c02ce95c536ae1a2cdd7d3b7a5b54aa14a2a4c4aeed599f92dbb32
SHA512 a2c870bbb13a1bc9c133e3613d84d108d8a5b940bf416f7c82398125f5661102e8a9f41c9e3aa7b4ac11d7bb9beca2d3c101139b962bb5d77a502f2bc9f16957

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMDD2.dll

MD5 6fefd079dd81cb94834423426653e19b
SHA1 3d34874275480f30f8332c3d02ced07dfc78fede
SHA256 d8c3ca57a835272f29ada189c2c6425d513305d53042ccabed149dbccf828cf6
SHA512 3f6fff313816cb89f603012faaf93b7b6d080af70d8f82d1155530958bb16297a84ef23dc0f056d357ec28044a4866e09153e6335a5a3fe6acae3e619e328b22

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMDD.dll

MD5 7d2a12509733e35ad5852e97d34e2f98
SHA1 a0a3f1302d0b3b547b6f41b6f9f3b107a208c80e
SHA256 9697fefe8185831374cd8bcc7d0c41ec5cfe40d0ba8a48929cbf8d0fac1e6721
SHA512 6bc07d62d8a03b29f9eeb5113fb30a42d176f215cfc111303a904a9fb4ec2c61d2ca61db4cb2cab80c54736a857b2113b217cfcdc1c5dab740c2a098f135a5e2

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMCAPI.dll

MD5 b94fedd54cfe88c84112cc31805faa68
SHA1 d8467b384573ae86861ef8f6ea905fbd838ae2fd
SHA256 cbfca3fe8d0cee14707ead3bb781cfcdb71af1378054d09cbe5bf6f3c9259cf4
SHA512 9a08e44af9f8ff000253cb3c8e801286203a99610b76b76d254d9b7ea1868aff653d9f73475fad93d83e5a5096624a2e044505ba7ea779244cd4b00a7c367eb5

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMC.dll

MD5 3aec0d63173a168c3867dc4b7702fc63
SHA1 0393c5621e5f6f4e7e148d2dc97f7edd6dc78e5f
SHA256 5736d65e53f1663c72eae70f9446e2aad37493dd59007a105733afe34238f202
SHA512 9e7cdd8d07e60962ebf3138225cc7be9fdfaaa333928bd3faf64ec2804ec730dc4935a2ceb9a213ba2055b5e177987727444f733420e9a629e3478fe65f9d769

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMDrv.inf

MD5 423a9e754c1d0067686b7dc1aeffa6b4
SHA1 a57450653e5d9c3126cebe754a1b7e4204044d06
SHA256 586128bd5dc9f67aa56f6b91d133e295c2a2cf3d3eab52672db8bba7cadf3ac2
SHA512 b31f468dfb55de5894962610b09218f49ad4be1148ea8aca9e5e3b5ca4592f0a0ce25d92464e9059e8b52354d3c7befed3db3e57428937b898a8eb492485b580

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMHeadless.exe

MD5 c1ed3cbf64043c49052768c658f081eb
SHA1 c809a1b955aaa13059f7a3c7a9ea70870c9cc217
SHA256 adc96ee91e917a7f5718a6a918327b3d081e289d097940c18da79d94036dbded
SHA512 947ed6e70046d99063788c56ab9b71ae6e144ba1929ec1910d02393acb132c5c4cd11304b4dfaace131f832770a06260d02c47b4aaba11e4666af30bf4ebfae3

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMRes.dll

MD5 02efb4ef8c50a1d60c657dd19e870abc
SHA1 547069afe3dd59d709cefd8ddecc5bfd32798d7e
SHA256 5831c6fabdb5ff49e965c25184228c08c4c51ba3d5b6b7174ac051b752828687
SHA512 26d35adeed6e81aadfd2e14d81feaf3100939ebeb8ac8983cfadeca1a9b3669e320292286fb07cf89808a027a1286c1bcdc5e8c0f23c8a2c301c3fd7d2fb2114

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\NetLwfInstall.exe

MD5 0642ecf0ed6dca6938ebed269a3094c4
SHA1 ccd17c3e6e0eda4a701c5a8f25df50c948fc16e0
SHA256 d37b9ee12110b1fe757990b8f9fc7e4fe9350c4d26e52671de6c55203f629fff
SHA512 6e975d77e8766e686861cc6fc9fab195ecb172d4d4ded1ae02b962a285a8a5e9ed4abf46b04777582b2f6224f362db2c035329c78a9579c4f36fd8593afa0a6f

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\SUPUninstall.exe

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\VBoxEFI32.fd

C:\Users\Admin\AppData\Local\Temp\nshDB5A.tmp\ExecDos.dll

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\win7\MuMuVMMVMMR0.r0

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\win7\MuMuVMMVMMR0.inf

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\win7\mumuvmmvmmr0.cat

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\win7\MuMuVMMNetLwf.sys

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\win7\MuMuVMMNetLwf.inf

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\win7\mumuvmmnetlwf.cat

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\win7\MuMuVMMNetAdp6.sys

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\win7\MuMuVMMNetAdp6.inf

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\win7\mumuvmmnetadp6.cat

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\win7\MuMuVMMDrv.sys

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\win7\MuMuVMMDrv.inf

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\win7\mumuvmmdrv.cat

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\win7\MuMuVMMDDR0.r0

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\vbox-img.exe

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\vaddress\0.0.94.0\VAddressDevice.dll

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\vaddress\0.0.92.0\VAddressDevice.dll

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\vaddress\0.0.86.0\VAddressDevice.dll

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\vaddress\0.0.69.0\VAddressDevice.dll

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\vaddress\0.0.63.0\VAddressDevice.dll

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\tools\vcruntime140_1.dll

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\tools\vcruntime140.dll

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\tools\ucrtbase.dll

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\tools\my_upload_md5.exe

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\SUPInstall.exe

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\NetLwfUninstall.exe

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMSVC.exe

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\NetFltUninstall.exe

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\NetFltInstall.exe

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\NetAdpUninstall.exe

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\NetAdpInstall.exe

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\NetAdp6Uninstall.exe

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\NetAdp6Install.exe

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMVMMR0.r0

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMVMMR0.inf

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\mumuvmmvmmr0.cat

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMVMM.dll

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMManage.exe

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMSVGA3D.dll

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMSupLib.dll

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMSharedFolders.dll

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMSharedClipboard.dll

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMRT.dll

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMProxyStubLegacy.dll

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMProxyStub.dll

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMNetLwf.sys

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMNetLwf.inf

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMNetLwf.cat

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMNetFltNobj.dll

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMNetFltM.inf

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMNetFlt.sys

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMNetFlt.inf

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMNetFlt.cat

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMNetAdp6.sys

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMNetAdp6.inf

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMNetAdp6.cat

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMNetAdp.sys

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMNetAdp.inf

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMNetAdp.cat

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMHostChannel.dll

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMGuestPropSvc.dll

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMGuestControlSvc.dll

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMDTrace.exe

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMDrv.sys

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMInstallHelper.dll

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Temp\nemux\MuMuPlayerGlobal-12.0\nemux-scQueryMuMuVMMDrvBeforeScStart.log

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Temp\nemux\MuMuPlayerGlobal-12.0\nemux-HypervisorDriverUninstall.log

C:\Users\Admin\AppData\Local\Temp\nemux\MuMuPlayerGlobal-12.0\nemux-scQueryMuMuVMMDrvBeginUninstall.log

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\Controls.2\designer\SwitchSpecifics.qml

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\Controls.2\designer\RadioDelegateSpecifics.qml

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\7z1602\Far\7-ZipEng.lng

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\7z1602\Far\7-ZipEng.hlf

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\7z1602\Far\7-ZipRus.lng

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\7z1602\Far\7zToFar.ini

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\7z1602\Far\far7z.reg

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\7z1602\Far\far7z.txt

MD5 e1fa666bc582130d4700a3fa7ea77a2b
SHA1 e25b35af508ae4d0d8da856f7f52f06cbe21a6ff
SHA256 6f464cf2417fe86d88634a3be72060b26b4ce695b9bf60e46b1d8fce8835b2e5
SHA512 d9081ee4dda676b624e804389ac6e53e1cd62d1329c9dea77194c06fe1b135f2d2180b20a9047b753a5fd2a420b3e8eefc4f60825d95d1970b77e283658ce3f0

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\7z1602\7za.dll

MD5 a3a7171df4197d614bba55f6d0b6b299
SHA1 4804be364e103d790f43e87189fb6dc4ce7cb2d1
SHA256 143bd146195f5820ba80ced47611232eced566cd57faf92a1572bed64fa3d38e
SHA512 6612effb22c25983ab00caeb12e757397b34f20c2f7a7b2d56ef90348c411ba44cba475b53338049067e18ac232eadae21001f6d8939214754dd32511a0fe855

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\7z1602\7za.exe

MD5 0792a18e287f2658d7f08dbf1a3b46bc
SHA1 53993dd15166bc923a266387a9fe77030f53d9e4
SHA256 c0887d90bb804edb3eab48a8e87e9cff2e6ba00e6800769878d74bda21a2e754
SHA512 c82070f1d725d21a391bc6d6e25626aae1cfd63ab04e41197c220dd6fd160a5540f6af2bfd053c35628f6fab25f5c23373fc528303adb773f12f386fb1dd39c7

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\7z1602\Far\7-ZipFar64.dll

MD5 622ae84a621d979a63a405807f13ecf1
SHA1 4b229c5e6e025e1256845842d6571ba24371a110
SHA256 2fd1d890c2e61963edd157f5ad6943b53a4af0758f1928fc32e7e135b794254b
SHA512 baadd15f8bbf8d733b36ab95691bda0b4b7573ecfcf6e34984553ff513b9fa42b4c3e3d0edc93f4571ae6340d70cccb2584d9c5c5e00d52b21c2798c2d7664b2

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\7z1602\Far\7-ZipFar.dll

MD5 8e37d5ecea569c7f6f19599e4fe3e600
SHA1 7e9b686d4e937d425bd578a356ac4b763c6947cb
SHA256 af37a68cb9eef8508c3a27276bde2a5972d0b1390ad604aced00d74376d692ac
SHA512 ec10c41eb2d07d850d98535c49bbda1e55bf12a2e44184f4ece17d1ea0fbd0ed26680788b18803581ff37d734ba8b255d392127e3e8535900e7e835e51436453

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\7z1602\7zxa.dll

MD5 6ef2270f72e28f05f3e40df51dddaf34
SHA1 c0813f3063886b1d4fb0eb640a2c7eaa49fc3301
SHA256 b7fe472c2c38e3a2761ae55aa49d92e36ea775c952a97d8ddcb3481d2f3fb83c
SHA512 b70fd05e7029933a96c3e228ca43ebe61a8a2b795205a06fc1de7e9b1aed491fe8ce311371653b08ff9edb3dabb0a11b4db305b1d28eaf7c8568d2867fd1d156

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\7z1602\x64\7za.dll

MD5 4bcbe7d147885e422491ab803c31431c
SHA1 47d49484b874787616ec646736c63a80125b6d9f
SHA256 ee4b4651a7b2ca9dce94b7c274d9e9f80b272be3cdf756f421a21701c60f7d5c
SHA512 ac77a1a7ad9f816859e08af28c99a4f1a1e7c88dc3452bab5b6d8c9089e97c23ec5d63283e8992b8f3c69cd067fb7ad66cfc0b8532b447bb774707cb56ace422

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\7z1602\Far\7-ZipRus.hlf

MD5 569652a3dd367d005bc5fafaa4a62b10
SHA1 0861ae8b37532f472f323847ce25483019361678
SHA256 5948a065297a96e431922390fac9b01ea43ca6d3d92967214d270ab15c99800b
SHA512 ce59133437f687b68c773832e1c70055220dfea76ba75163b5790a4ef470402c44cb120e57bbf58810bacae62c2b0f3cd31d87854a9656368cde92e38532f391

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\7z1602\x64\7zxa.dll

MD5 b217928e1b800f08cc3391c96c13fd68
SHA1 eafd967e4398846cc26b00e33c8a3ea8008a0563
SHA256 2c3a4ffa355e9459b6affb60f96d827f89a895d3f27a62d112b4e621674166d3
SHA512 ae646a7fa11d37c21d0bc4494ce3ce183c1eabbd3570d6717bc3fe4f7c1626808455a6275b7d1a58a4c2c5041d068a8fe3102347503bc503bbfe8701c2edcc46

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\regsvr32.exe

MD5 8e02fbcde02e70544d4fe8606b450f80
SHA1 16c111a820d386d777e83e42783729f8701e2e14
SHA256 faa9da3c34191dd8eaa6ebc775316eb06711d44b5b66dc739c69eb8101422fda
SHA512 07eb34835f0774db2a899a754deefe03090c898727565ea730acb0c3b4aeafd17d1bdb632d80d1f7a042efb8b9fa0d8a34b9c41e76792463676b4ada16ed20be

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\Qt\labs\qmlmodels\plugins.qmltypes

MD5 8f8110cdd79f2aebbbad3164eebbb355
SHA1 df12c58c841565eeb5ea251aa629fe70ec9faf2b
SHA256 d02e60f465ab46511ba006f7abb03eef67092b7f10b0951e06eac74bd0bada78
SHA512 9648ef91afa34d373daa29c18873b0ff983762cbed63343c0d503c6359506b437c333ffb21f212ff6e2947be7fd2933619d0ee7d53c0dd8265d67db26944e09b

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\Controls.2\VerticalHeaderView.qml

MD5 8e482eec4c25ff3f720cd129abad011a
SHA1 4d9c2525690415cefec2d31c331f502df3f24826
SHA256 4b0530b34dbb2e48206397b6b0e98bd319b2519c591221ae72c512827170519f
SHA512 e779d3f0510ebcbef981e8d6a3b5eb29ddb68330b6780193d6b543820c512400dc612ae87737a3ce3274b0b3521ac8b655431a5e1a91f913c96ae2495c7dbcbf

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\Controls.2\HorizontalHeaderView.qml

MD5 f2aebe2d5870f722bf929a4b73ded8c5
SHA1 6799f655ac6455d619391eafaa830bcf96e1dbc7
SHA256 1adfdb7e95134eeaa36c900cc54b5a6eb1c0f5dd1798e061f629522a37d91b74
SHA512 4efd5ad7b200d048691b30163bbe316cd216a8960fc6b479078f16d8ee47462a5efa1efa00d675d3a6a69863ee9d7af9eaf2d19e5a17461961b76839389cc77d

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\D3DCOMPILER_47.dll

MD5 da754d87f769cb21d9d2847ca8754152
SHA1 27a4eff95e7f4a359718fda7138a528147969b27
SHA256 8c88c162010a8d6b80f2c0433d4ce973ce626afcbc8da5be68bfa2ba68341eba
SHA512 59bf5fffab8e36f0e9bae29969eb051b6c99367e202874fb627936aadd135548bf84479b2d3e66920fcd7344e605caad1e547ed4acb817a7ecf39b166d8687fd

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\Controls.2\designer\FrameSpecifics.qml

MD5 d8f52bd43556b4823a8cb2cc7669fe44
SHA1 222b1bfea56b3a415d1c5887c5c2fa089c6cd352
SHA256 3acf94a8fa5d2176b640145966e6f94e3d3c08a718c3fb03649523ba798850d2
SHA512 7996751d1b4ccc0b73fc8b2d050c86714a9e9d2b5ced5fb26bcdbebc76bb177fb90f1d23023c58d2b2f59070c791bfae28142d8dec47dfb6f8180805d71f8630

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\resources\dist\message_center\src\css\system.8296631e.css

MD5 ed36b166e707e77bc0c40131443bb0c6
SHA1 6b025833490dd1a3d33e31bb97127fbdb6e41290
SHA256 d74e27a76266c106d84e3d52291f07e0b78738e572072be39e663e8ffd83e512
SHA512 0a70d48759f417503051217a05469e5df6ad446e8e7b4ad397c9e1e2e4351830bf14cfba4a06e129346312bf189e889a84eded0b198bf018123ff58826ae0882

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\resources\dist\message_center\src\img\arrow.0309f108.svg

MD5 ab5498711503448ba98d5161060526a3
SHA1 43f3d0a7cfc12bc6b326e14c20dcbe25a9814bdf
SHA256 aace3bdee8397c43925083a1d8e6453af59ffb7abc4cec10f2adeabc66d6cd6c
SHA512 ebaa35e933b971f278f45471c5b724e7bcd14f168f74f4ebf45077ece96a650b22e78f8e26dbe34bc18e6364c6afc24d4ee08b018d2d4019188a0a381cbcc25e

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\Controls.2\designer\ControlSpecifics.qml

MD5 6f2d0fa6bf284d885821f199bbf57a45
SHA1 cb4e7c4a13ba245774ce36c0393273609d03a846
SHA256 8bcc3a8274aef505a0bec07ee1ec9b4eebe4b2c4ed7afa96e808a7b7a77f4cb5
SHA512 525d081766a45843eebc25d58d3115009a1acb7986e928a32d1f0e168c4469d0d42cfa6162c3da61c6a697154974f8a0ec42a085a4e4622696a6d808bff2330c

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\Controls.2\designer\ButtonSpecifics.qml

MD5 d5e13fdb75ad4dbfe225397469a5bd22
SHA1 5e0c7a6619b715a79d91a3157f13d22b8225808e
SHA256 208e10ee8ace1cffad89d2745745909249ba182470f65e6563857c8d77839800
SHA512 4278a6fe6bb0ee49d1e43e8e8a40336cd84941b29ca6d31d776adb931b4858ace6bf8a8896a4dfe804f550eab97b2a3c1c2d269e45e5f84646775a989b76c273

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\resources\dist\message_center\src\js\lang-id-json.4709fcc6.js

MD5 218239c6f137b8a5f981aa22c204a204
SHA1 14ded58c6c08589be5b7f52acbd9bebfe581b407
SHA256 12f6e4a8e59e519d2a0f62f0d3b20f200ceeecbe4728db0a071900175d5d8a91
SHA512 5faf576c8937e8e8b2d0609b6ca9ca9ed878ab34e5303c90b534817699b2fe5655dccd45ce72161632de424b938a0ca13dad8930c4dc15dc922ccf9130631dca

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\resources\dist\message_center\src\css\mine.13939d83.css

MD5 ed5f0333ea4a3af7ff84dd1a18bbb373
SHA1 e8d7f484eef647fe13281f546980b95679751806
SHA256 7866e741694c8546b6bcb704dd443188b8c294dc3528355ecdc7c6a953e2b879
SHA512 6d53bcc30fff9eefd74ab7e5a18f1b2ea0cc01234f3a89683850b8c535c3151a8a7f512d00850a72794414319435f2e7e11c25b4eb2e6d0ee5665ea8da48d0ad

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\resources\dist\message_center\src\js\lang-zh-Hant-json.27d41893.js

MD5 44ffffc75b554c6d81c2308aa9da6ad4
SHA1 9c400f9548e96f04304a0c728a5e7b157a8c7e43
SHA256 d8e216a387dab410cfe1133c0c45e64596a475a4adf0bcede1eb2f6f221f1638
SHA512 944182f408b325cc88a2ced26a4c244b3bc45a3a6f8b35fd908fb523e102ca46e70525c393a2e1b93365b3a3363a093959087fdc18361ea22035bf71d551efdb

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\resources\dist\message_center\src\img\close.a21d6862.svg

MD5 a21d686206c719b1dca8ae2660ec7a0f
SHA1 614c1f07da6e2dfce46143e7e4fdd61900a5a059
SHA256 9b8e162dcdc46211b7896873a10a813c38b25a989724eb669252ebb114b962de
SHA512 87baa74590842ebc0944952e26f08a1f768774c37f646275c8e90ba69a089e33df31fe8c593f9ac36831dca74015ac7298da38c23781ec4908c4827a9632223f

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\resources\dist\message_center\src\js\lang-vi-json.bf26c8f8.js

MD5 f5a51f0bc374a161aab9211bcaf748ff
SHA1 2940acdbb4a3604abac1fec81c545cc6e1afd221
SHA256 55a3062467c5876cc2cfd83e1ce3a89842b4c66dbb98431b1c0309d14b6243eb
SHA512 45682fc3a3998f5ad006e19adcd1b69484342fc90c6de22f55abf6b4f7b2a4654c20d4b961d37995f010b61f00ddd92bf4e9a988852e3c13e4429eddff2782fb

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\resources\dist\message_center\src\js\lang-fr-json.aa3c6f9f.js

MD5 7df8a16c0f8d372d1b2732308c89f236
SHA1 9b2c3b3da03b9829401fe2af8c9aab817c7f1f99
SHA256 cfedc25e785d972a857f61517e3e4ca5026de61c3ee3d75caf636c2871e8f8e8
SHA512 5d90b953167bb41804f8b5fa47b310e13ed74ee385dab15e9446d6590fae6b82dd980304f33a37ae556050b2cdb2e24f030592218531cb674c0af23322e9b559

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\resources\dist\message_center\src\js\lang-ja-json.e35f39a8.js

MD5 1c1dc1f5a7761319e2e62d460485df8d
SHA1 ceae9d0747c040fc9cb2d3ea0348f2a097ad7a65
SHA256 31555456a0b06e499138d9c38c712d3064fa197cc3e002aea5e732157625d808
SHA512 33f36c715b2255e077c0d59bc5a09f2b78f5a294d133a11af2870fd715687c70dfec7b2c15cdf0fcdcdcc1b3821cf0b4be212a4a2b78be14dd2c4b98149bd779

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\resources\dist\message_center\src\js\chunk-036b24fb.37d3a631.js

MD5 cb9321ebd6a088abd4c64a468d5d866e
SHA1 1e1ee2b52eb604a77dde2fc2aabd91a3ee9e3195
SHA256 152f7767ce6e84de8363d4b6b9159434d7dae63cf752d3ad6880702ed47c0e4c
SHA512 3e089686e21cf5bb5dc7365a895c9ef31eac356eba23a894b2791ea573973ff1a998ac3571c16a5cd5e3983defa1562f3db3be4c7c9b2acd74915c2c92564ae7

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\resources\dist\message_center\src\img\mine_icon.fd50af46.svg

MD5 fd50af46545e41eb3d12a6d75e238135
SHA1 5b2859fba0b2f7b70c1e332852d5425d6516201e
SHA256 d3b79bb9a9540ef66f22c4d51fbdf3ef1606450548d429a6f48437a09d86e7de
SHA512 84eed3d718cd8500f59ec5e2c2859eadf2ba4685df4cce4a30791a2a1f755061032f9c4029336d7a20783735ad1f23c1ea1cab05a34db6decc3e7289e421b77d

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\resources\dist\message_center\src\img\close_hover.a128114a.svg

MD5 e208d7f9c4a98b232a46880b19f98d0b
SHA1 6b0a1557ddc4d93959a64a54d4305ac97e5f1542
SHA256 c52addf07e563ec434e36c042cf4b83adcc4425a774d847f774661b8873390f1
SHA512 41f9ffccd47709694e0115811f7a119138ab64ed4d7ad337d83bbe77fafe016969e19b9967ea5d3435477c6d04461f1b0222559d5f9bbfc41ebfd2558a81d79a

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\resources\dist\message_center\src\img\system_icon.b15c6ec7.svg

MD5 e37bd68faea64f598af8bbcd24dec74a
SHA1 b61468e78ea93ca9369ca0a81715f69e835d6783
SHA256 de839792f1a7ea69dfb7804ae9ed285dbc17b72842d4f1225e7011687cd7cca2
SHA512 96847754a227964a6d798294cf4195294635579a755521be9d4cfa04aef84d2dc0ee3f2c36b7c4131393c73fe69e6689afbf18eb3ec7de91b1f6fbd9a9d70106

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\resources\dist\message_center\src\js\lang-ko-json.4d661dee.js

MD5 391c2e2753012c6f5a7e5da997af327c
SHA1 0ac8a36fc1fb12fed0a1bf638fa104b04ccf5d33
SHA256 61549ce21eb1f8c921dbc6df701567a5009f1894464bddf8ecdd3cf93559c614
SHA512 fa4f85d422571ebb59a4defb4d5445e96384426e174abbe1a46383920f229e2d1070872049d2d00f5000c3208df5db7b47322abebf7d95451f0b7d1de8deabd3

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\resources\dist\message_center\src\js\lang-pt-json.ca234213.js

MD5 dec9007cda204e222b45c59946ca2b45
SHA1 6341d547a8d050ec13491283ed3c73aa5d375c15
SHA256 8feb57b228e083801a1d5bf7c36b6e78f8c97c45f3eba3ef52dff5c4566807b0
SHA512 8806bf1335877fd3c4272a57b2de7353640d9beeb342d695ff5a86b3f313a117bbb7a4e9e1baa58c0f539042a73a1c347b7c5ed773083e880703fc44ee1e88c7

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\resources\dist\message_center\src\js\lang-ru-json.8e3adfa1.js

MD5 63591cb6c2ccbc30e7073f0815798394
SHA1 779e90a3428c4a9d60080bcdbee4bd3ce05011a3
SHA256 079f9067619dbd4eb5f9d2eddcc3c2abda40850e3394d517ebdfec0e959e8ad8
SHA512 f82800a95a4d1fa441fd51b6fb9508eda3ef44c7b98bb00af94bf38bf0268caeb0a650765aad63f2ac3437f7ce8fb36caa3a855e13faa54387841bca390dbfcf

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\resources\dist\message_center\src\js\lang-sp-json.42234fed.js

MD5 89824f65d47c04ee20c20e567e76c1a2
SHA1 dab473cbc6884dcc8578e28520887adf9bc6be84
SHA256 7ea583af448fc48037a1f2f88eae6651423b9af87b11fa2bd6461cc7416d4b42
SHA512 37187bdb0eabc0d746f2c402327abee17b1de139245e569fe6e0f6ac145e674277b5a4f447e1eb308a2bfe7a6ac5e47b42f17f1294b6482d2a5acbdbeb893f57

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\resources\dist\message_center\src\img\arrow_hover.08332636.svg

MD5 08332636322a01ee1c0ff398c5c4f092
SHA1 9349e026597b7d7d7f2661b89343765c648b3471
SHA256 b651c5ff6e84dab6e39911e70fa211ded92b9579294dc80a869364c3948b4753
SHA512 5bfae78ca6d94dcde62811e8c962c58aec86fd133509e132a085425250852acb26e919e92f4d2ca12952d5decd1154be51e5a7acbd874ff0455c9dee1e0e0c9b

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\resources\dist\message_center\src\js\lang-th-json.411d4788.js

MD5 64f621dcb319fa48b457c68c11d3417f
SHA1 8843ad6d94b16e981239589695a49766ba2333bc
SHA256 3f04cb1c0ecde109b7a192c242388188d60899715d61a712e0ff1c318da5c561
SHA512 71a0ad96f940b77ccb40381cc99ac5c2b1910b9ed4893181d94bf9d13809fbadfd2e8c43556b78e068978f5b89afa706ecaec2fdbec199310248b6bede2f43bc

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\resources\dist\message_center\src\css\app.19c9a55e.css

MD5 ea9b7592e3ffdeffc0fe254542eb245f
SHA1 9e4775041295f3ab3b376297e002990a98cab112
SHA256 73aec936fddb36bfa9bcceed36d9fce8636d7cc555633c315510254fe1eb8f7e
SHA512 10c1cd80f4003e0045414c8d8bcac4b74115cf5f5774cda3c71e3bcbe2488a1a8deb33e57e1a5ce148b65b78f6b659af280e4a6583f7aa119cb4b914b3eed331

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\resources\dist\message_center\src\css\system.119b6500.css

MD5 69144ebebed32c1e985115e0bfd6c4d4
SHA1 12835a228098b7383dcfd3cecd51255f45bc4083
SHA256 f198754468f5b0eb417273d6099cd70cbdf4bfb1d407212aeaf403f304d90f1f
SHA512 4ff6f79c1c41d9fb7f027817275cea55f7c037098e5247a773a9e1f72dcb280a372f9184b97fec99bf329cc36410bf0563e1545323e958c203162065d2c43867

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\resources\dist\message_center\src\js\chunk-vendors.58d9e06f.js

MD5 3202de156825fc1f73a3e245d82f38dc
SHA1 2d03b71f7e420cd12492642c6527e17f9f48e55f
SHA256 88cb7093bf3e6bffc4a27209846d48e73d427f65ee4829af1aaeb450c65aaafe
SHA512 37cf5bfbc2c49a4154377d5d94200e169e8d582877f8f62bd713736e50748c46e0983710d3850953d901afa295d33156c288311b76fa59df7695cc7828d8c828

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 b941d7480e168d47b8452231e1f27f8d
SHA1 7481832edd6479e9e772a6adcd57f5bc0ab79eda
SHA256 dfc11edaf624fc8cc037e43f4492ce74e0d3bae20714170772dbc7e659748bf2
SHA512 d922eb4980bb9b1a82f004faa5ca82fc97bf4350694bd2f2ba01a8b6e3e8192c858aae9a3ea8aefe5311845d1d263af07090f9ff00c527b83fa0a6915343c0ae

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 92a8e85c880c75b287c8f4bef67a34b3
SHA1 ff9660a07c5efe646ce0d93bacbae6bdbd408051
SHA256 fc85efae089a0c58446741421450c4a4d17c17dbb0c853a91cebb285d9cfe7e5
SHA512 374fea6079f199c36ee6bcde48f4052173f571755df0053ceb9e0d6759b1f631f120ad1f44dfcfa042e1382772f81a8b7fae702bf4ed1500fa3aa7d9b4fb2f5c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 4c42f9c30166d44573a4a541341baa79
SHA1 208660026dea360b5220595e91d95974c89bbc76
SHA256 9e638118c9bf455ff6987cd79b641fbff10e0d2816021fdcbadc059b2057ce58
SHA512 e7130bcdea15f22344626ff2889d0275da5d7808945a10a9ef75b2f462f4a6a64cd033fa0da35084d930b54f4f6eab35bea0132e5d3f031a1d1bc4215868424e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 19497295415a94379bb8021922a241cd
SHA1 ae897e0b4d0ee0385340505603d14cf727ff84fa
SHA256 4efdb331478dc9ab6a1223009e377ba1e6b50163210fe427fedcb477c97b007c
SHA512 e6852410429551527afaa3f1ec0657d3ef3d9fb134d00e4890b8bd8e958a41945c16de729c0a352b6d4d9919581641b0815985ee5b349a55cb020fe2f3063bb1

C:\Users\Admin\AppData\Local\Temp\nemux\MuMuPlayerGlobal-12.0\nemux-scCreateMuMuVMMDrv1.log

MD5 b389125ba0e9d4252f8bc5cf2e164f0e
SHA1 fe0a9a674e82b6c008146f653fef68fdf4f120a1
SHA256 165fce4e89791c932caae6b5296da9f6f8ae65ae959da811dc7acb9a6abbd352
SHA512 cd91e53b5da442ed1b75d56a1eb86bae520a50ddfbfc2d35f02a18a8a4ac5b61f2b0406e0d8ef05dfd43c3442e8ead04e7006b0eaba8a2ae49cbd725378f4854

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 b715f356d23f155fffe48aeb0ce3b8e1
SHA1 8e4ef36ce2f68662954f7384f374c484bb9ed7b2
SHA256 494bd2fb2a3b26c52ae1fcd7e55bed2066fd6c45168dd10a3c1d4cebd506439c
SHA512 63f9aeaac9de059d508bd425fabead37f0d6c83ee1df44bc2d3426ad5fd43b8a845788b15771af3ea7651078ccdaf25ae214a59a8bead53869800987851038a3

C:\Users\Admin\AppData\Local\Temp\nemux\MuMuPlayerGlobal-12.0\nemux-scStartMuMuVMMDrv1.log

MD5 13afc9906554e0f3d222d7cf6b11a94d
SHA1 08cfb5c4afd4c2670e3c43157215c17dd86d1f4e
SHA256 0fc284c7ea4832eee9944694090f1feda6e44f4695aa8f3e04dded56b6f47bae
SHA512 1b8825014d6539ea504de1a50b9e203ed8bf036d7d17615b6bf7c918da9034732239785b669ef91d7968c9ab4898542cf17fffd2018c62c5c0713fe24ccbb8c9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 7503e5955646047b00056eb8a473d129
SHA1 ef9d730da01f55c84a939b12659c3f38fe448f99
SHA256 fb19a9218330affffb795de6bbe0fa5473e78150cdc47f851e6fabf2379182ad
SHA512 9ec0df18944d417f615e15edaf2a24fa31827845b0c9e9a8071dab74a6edd5abc4f6a216e9492b10981b290b93f2e1f3932178a9f934d388bb06b56f3e48ccf4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f63697545888c00a8eee8808e709d2d8
SHA1 852f9b7b887c45a94f10d9c312fe823d34989cc0
SHA256 01338b8128ff8eb82d4762bcc8d00ec16f1977ef9dab57d9980825e392e8bd4d
SHA512 4c1948ddfb37fbe21c440d378da36e79af4e54019149a667cc4778801f2c13ee3109980caf85d7d7eea8f33aed09325bb6f8724f65492ab5a7890a22108b00cb

C:\Program Files\MuMuVMMVbox\.backup\Hypervisor\.backup_info

MD5 0c0e3468843b95f706a24af52198ea50
SHA1 d82205e83d0c7ea92125a090829610e27e816d08
SHA256 8ce1559d507bed32aac83b8c02fb7190a98d475792b49d264d106dae72bdc4b3
SHA512 23e02799af3cf2cba06bf3d8ce74640aa27f129631f97816b26b62e1158321fdeee52760240534a3af06938e78ec34627afc7aedfb92f54d825359e0081a543c

F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\7z1602\x64\7za.exe

MD5 c7b22afb68e9d8bc28fabc747c985270
SHA1 6a66c177cda1a77cb97b1e011dac5029bdbdc13b
SHA256 b594169f92c5223f5b9b986558b27b908b5ea6c2cd5af7af637e02693330442a
SHA512 a8ca73c837e1ba7c0384e3e6bf73f127d76e527163d27efb66290d50c53af5267b7e8e04c60b78508533161c7a2d4b90b316afc497f9c95f536f0b5b1d6c1971

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 33b56157b407134988dcf8823cb9c5c3
SHA1 864834b50a0cc02ca9467003a5c081e96d9af568
SHA256 84d5876daa2adfd3b520b9e7cf0f3cc744ef37a80dfd47dd36759bcd72fc8f9c
SHA512 99c0a438fdf09fcce295c9dad0cfa2146a31622c0320d3e6f565f619ba85c046173cc81d868c6cf0499c0d00516457ce203c93d22041997b630d61b1c93d3ee9

C:\Users\Admin\AppData\Local\Temp\nemux-downloader-005133d2-6ea3-4fd5-951d-52ad37ed3731.log

MD5 df7af3ce7b417bfb09809613690d684f
SHA1 9e59b54c297f3559fcdd237c9d3ea4bb8537db6c
SHA256 93e14d6d9077d1779d757f699900f15fc681a40c4673c8537d035958f7861abc
SHA512 cf8a1f403019820e3acaae0f74043d15bf67651636bc08a3722a934cf2e031713e48b0a84fd7808c43a956c88767501bfa768b7df3316cde5efb310590ff7010

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2e447d2c2da33c3db5f660aadd57ad8d
SHA1 0cb5a7afdc396130cbe1129703cdd708287093a5
SHA256 8d76930403134a2b8baeade851b1f20670ba58358424e14649c4202da63b4148
SHA512 8466237dfd57e171ad9e7849da0630c3db67664c1a8aac7681c8af1d12d4ba76b8b6b6d630434523f12bc5d26d7be1033e63f96d90d7b5c7b797cf0b5bbb4aff

memory/1456-9443-0x00000000000D0000-0x0000000000685000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 38063bf667e4d32324ebf6548120ff09
SHA1 be722de93c3e4782e874c119ec4dd7c004f6e180
SHA256 b50cfa73668af93b9ae60fd17be612465f9a7c147089e110d8308364b87f461f
SHA512 e2211b1a05657905273854ce2fa0eaba686d8ad50d1fdcdee65f0a312503dd39dfe88312822f8607bcf61c8205ac8d9c3691d6a9abad2ea8a7ce1e7c9672d5c2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 5dd4d11d13a40886368333d470ad5b12
SHA1 0918284319f59285d62c00bbc354290572542f0d
SHA256 a1164ae10b2ef35bd7009893397f78c45e48280971a0d6e0d6fe39a798751992
SHA512 15a28a6100975dad6ecf814ce7aa2c82793716e4467b71e60b6f7f379c0ee11694febfef50fb003d87fad2fb7b118bfe27f8b0e279ff45bfcadf150cbd2198bd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

MD5 314025075985d92cd9a743d482dafad0
SHA1 709a1050e7a81b54b48e4b43e44140ee8295759b
SHA256 f8ee013eb443b8c1d03179b33d6b550441f2e9772849853ba26755c34c3fad25
SHA512 ea69d1bab3267ef52f7fe7cc75528fe357eb8fe50fc87ef56e4627483288e897d00b4824948749e6b39f7ee064884883903ca634eee0d8d461dada8718847244

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

MD5 b88fa317c56e9cca7b200ca95509e92f
SHA1 94c04a0777961dadf337a67fcdf1481af151bba2
SHA256 e428dbf7796f5c8e23e1fe9e4f30f4f101517e1000cbf97ac8e0f9c9407bfdfb
SHA512 ce248b66a5061713539096bec8bc2ac52922760b34ebf143d8cb585200d35f8ca2d3a1cb2db05e361702e211d8b9e5bd04878d34876e1abbca8065106822ab97

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000a9

MD5 b7acbc2406a7f663f4fbe535b112d734
SHA1 602ffdcae76ca3911638870f244d16ee4522a11c
SHA256 5d3df9af4acbf8773676af0ea887e966bb0f8dcccc6f4f9040d9b6884d3ba51f
SHA512 6b20ee9771a2b9234bcb4ced194b1fe58fae7ae75a3815b740b0b72a9b2a58be77b1ed20b919ea8a9675eb8f708a1b4df37ed8c013549bb85e44118f1362350e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 06e2288791323061095e69a2571a3348
SHA1 d2b8b6fdeee512c787a2acaea04223e0699730bd
SHA256 a201eb845bc7ac4075627d64434e6af293eb33d3f3f207a1eb3d926bb314d667
SHA512 2472650817b46f3e61b5c43a2e2d2e9768e9780a1ed78b62541ad1c368c9f9006efbcfe3df66c9a2146a58a1d35e14c134319260354174288e23e9f82be9b327

C:\Users\Admin\Downloads\Unconfirmed 530255.crdownload

MD5 1855f6829b57d87f4db6d1e4a927a613
SHA1 872b9aa9e95c8d7230d3d804445e5f70f35ffdbc
SHA256 e3d7ee533c87118565440894958604c0f9021673a4c2dee09e28d31fc78c58a2
SHA512 eaca88aa93695ca20dfaba7fbb4855790b7d21034b6a8ea3af46b0dc16bb2c54ee6f4cbb2126dcf9b70dd50a37b34db303fe295788182e7ae016d4fcb1926da0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 6a7d94a95a70c8063531d89d5d406152
SHA1 32699fd7aa1099e9e324622fd441a72a9ac84b94
SHA256 6dfe46bb3042b5e24c9951c2793e5d291f59534466259bfdd995e8e2f5fe4797
SHA512 f14d56149dbd9c708d04de932dee1527cb5ab685caca88b8afd7dc32a792a22ee8e2f14c0c14cf938c3d5522c3679b078f8bd42d930331a76294f85f665e6c06

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e72be7fac1879d003eadfa859bd2350d
SHA1 9aeaa63d8ded6df0468b253bc537b6b1f6517a48
SHA256 f9ddd8447258afb6e4c72eae38e1e65ee172cbacc9cc2a941aa5bc0f39bd84c5
SHA512 49caaa37c889490e6c7ed519c513685181cc3359cd2f1b5983e88cf6c5b89d3ea92c78d2583b0c3cbf336455883871adb8b93f2000d198f64c452b3320fe0b92

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 26febbafe6a617187bc97919411d0767
SHA1 0970361a47df05279c7ea9e92a7a5efa94e5d271
SHA256 d66b3e4ffbd5c3cccafd42ded95420a6b79edb9dda59d34bb82bc19a608e7b1d
SHA512 5b7c19287b75fea5c5860e42445bb7d4a641940a13204c3829d4bedc44ac5dfd8d08bf2003ac65d35769db68e7fdd14a0d3f00e2d4049b3a582198a0969fc892

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 8bd5777a63bd457db390cac6c1656f32
SHA1 7b6a418695652fe3fb20a986d00d1e79992d3121
SHA256 dc4c9fdb1955859a6d069598a1bb625c845511154274664922e514d71bdfa49e
SHA512 4f9f7febe36737aad69a432de48baaa369b1bfee33c978dde41dd45148f9b6091ea7bf73ef03155301c4342a43e219898910e2f772c6f55426c7d1b6d4cde935

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\633062eb-eafc-4c6e-a2ff-587496f25370.tmp

MD5 48205f4a4cac6137c2eb313945e1bb89
SHA1 89e27a4fb6fcac6c02c8c8694955741ae7fc9c88
SHA256 5769e5fd85f7a60f6b553ea4b918d6b1e0e1dc164713c9c5c9b5836e68ee454f
SHA512 29c581ca2d11805430d7a9ecbd7129f68c4740f2f1484eb325808e1ec391ea3dbc1b4d697a9944828366b7dcfd4642c0873867194280e3e66eed06fbe5b890bc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5e4e87a0321199bfda682b9f3092e4f8
SHA1 bfebdfd131059cc1fe544f24e2077aa5022a65f8
SHA256 9e3da9dfd13fc0de446e3696aa9e5c51b6113debb0b3f8cc83ebfd1aeb95ae6a
SHA512 9d6276c67604b4da847754692ee5731326bacda7ee2c076b2423723461d252b0360e5d9dd7bffa969ac3ff3695eff65017c3e07aebbf555b16f41b897f63f3e9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7bfec0b81bfb9f083259195b235fd858
SHA1 b0637194bc6802f89cca800f50826e314d27b090
SHA256 075748e6cb71651cc253ae5557cf1b1acfb33340d9ea1cd21d570bd12fc0786a
SHA512 23a367eef61fd49a5c387a52b15f73d6d11fa243e22ac3c6e1818ac6470ad84ff2a44d54d8405e944535c2dfa3257483b70695d40c2c2e92795406fd658f339b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e7541d2963d80f55f46ddb621a67a532
SHA1 271483c1824520e426da6b9811015f947ffb41ed
SHA256 b8c31608c81d1e59fd3cb3992b644f3af8d4034eae20bb8645d252c451d9ef06
SHA512 469d43507f24fcb344860cdb1bc7f4354bcec88a25bfcbb16998e8927789ce369f5dcedd097c1e0ca9d36af5c79923e72e25eae0c1805ec2e04485d6c1f0befb

memory/8080-9949-0x0000000005050000-0x0000000005086000-memory.dmp

memory/8080-9950-0x00000000056C0000-0x0000000005CEA000-memory.dmp

memory/8080-9960-0x0000000005600000-0x0000000005622000-memory.dmp

memory/8080-9961-0x0000000005F20000-0x0000000005F86000-memory.dmp

memory/8080-9962-0x0000000006000000-0x0000000006066000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_c41pocoz.poa.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/8080-9971-0x0000000006070000-0x00000000063C7000-memory.dmp

memory/8080-9972-0x00000000064F0000-0x000000000650E000-memory.dmp

memory/8080-9973-0x0000000006520000-0x000000000656C000-memory.dmp

memory/8080-9974-0x0000000006AE0000-0x0000000006B14000-memory.dmp

memory/8080-9975-0x000000006E960000-0x000000006E9AC000-memory.dmp

memory/8080-9984-0x00000000076D0000-0x00000000076EE000-memory.dmp

memory/8080-9985-0x0000000007700000-0x00000000077A4000-memory.dmp

memory/8080-9986-0x0000000007E80000-0x00000000084FA000-memory.dmp

memory/8080-9987-0x0000000007830000-0x000000000784A000-memory.dmp

memory/8080-9988-0x00000000078B0000-0x00000000078BA000-memory.dmp

memory/8080-9989-0x0000000007AC0000-0x0000000007B56000-memory.dmp

memory/8080-9990-0x0000000007A40000-0x0000000007A51000-memory.dmp

memory/8080-9991-0x0000000007A80000-0x0000000007A8E000-memory.dmp

memory/8080-9992-0x0000000007B60000-0x0000000007B7A000-memory.dmp

F:\LDPlayer\LDPlayerX\LDPlayerX.exe

MD5 dac0337955a1eb8409dd676179f27679
SHA1 4a8387389c1802d19a82acec976b5404353278d6
SHA256 17d2aadb32eaf935c9c1973b63e6c120c4d9a2e1d40c5ce75394e83b126300c4
SHA512 ae235d981a24506320ad7d7d77f5540540e80519cc750247a1ccd3761a2853b4053166e1ceb56f3746204112f546d6097ab399786e99eee0fcf0f921e0eaeac4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 004af3fdbb065300f0f1f4030187de1a
SHA1 897a6f4a47d5ef23fece9419f0f61c915b566404
SHA256 e08cc4f5940c60d19a775cff434abfa12b95aede8a4e70395651d12ccb0945d5
SHA512 0b8c1e65ecc13a58424a8a730bbddcc10b5de19ac0221b570a264be79be250ba2b93db74dd80490ae0ddbed0690ace4106c3d05231bfaca0ab8ebd763c7d3bfa

C:\Users\Admin\AppData\Roaming\XuanZhi\fonts\Roboto-Regular.otf

MD5 4acd5f0e312730f1d8b8805f3699c184
SHA1 67c957e102bf2b2a86c5708257bc32f91c006739
SHA256 72336333d602f1c3506e642e0d0393926c0ec91225bf2e4d216fcebd82bb6cb5
SHA512 9982c1c53cee1b44fd0c3df6806b8cbf6b441d3ed97aeb466dba568adce1144373ce7833d8f44ac3fa58d01d8cdb7e8621b4bb125c4d02092c355444651a4837

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b78d9b252c730243ad482399ad4842ed
SHA1 719b1e21d8fe323cac884aed98d9f5d69b61cdd3
SHA256 4388f95a755b18c1eab2386c60d5bb05f6ac6303553d9f5271bd5882bdc6f3a0
SHA512 f73182c0214edbbba2d806ac70990b204188046df359c28bc492373a57006b3ce8106ee55b6733b4d3be0fcf61e5bccf196c72568e4ae5f902db6f4ac6bb8029

C:\Windows\Logs\DISM\dism.log

MD5 e7617bc2059af215b0c9617abfc5a3b8
SHA1 f07e61db93668e1fc428915d692a3c1fe9b01443
SHA256 5d45583fc7f5855f237be574252233ed63f69edd3e4733e901b91ae8651f9554
SHA512 5010d0d404f8c4b823566ac802ac888cd01b4c6099dbd85c9337147e6efbbc34200ea05ed5f6ac8c27429eb394700bee4d5ba9887b91922f761c829bc6c3a444

memory/9832-10586-0x0000000005690000-0x00000000059E7000-memory.dmp

memory/9832-10587-0x0000000005C40000-0x0000000005C8C000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 0a4dfaa0d5c5f984610564959d249ed1
SHA1 4de26ac6765950fc7c1764bed841b42992ca1274
SHA256 df3402d68f3d3315c86290ec6fc83da6a517a6e54331698de47867c500b5a1a7
SHA512 5fb375d30621606c86056a9dcba7ee7f5c78293a06e5b45cf5ffbb4be06ee2f19c6df658bdb8b962288507cc3301d444f6ab29ee1c3db06923a48ae4ae06bf7b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 72c86b38e42f636b0380c8946eaf6fbf
SHA1 1a75e5f3412de500012fd3073ab629786b97ef69
SHA256 4e940a10e31509aad5a407cba4ce43c0e075ad0ae39c1471ce25ffa802f24197
SHA512 f75bc6cde983add88ca5f59a0b9239e8f11a9fcf770aae825df9fce97bef0031fd4d642674e2181565365733daf5cd4978993a9dcb583ce0660fba82bbca3cb1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5fc39727537972afb6e3a38c3e8bc096
SHA1 981e970576e06f23e4ceb3a2498551b03fafd5b4
SHA256 88847d5dc126c606d7d743ed0d8ba63b34b1c2f3aa535b6deae47d602454cf43
SHA512 a63069880fd79920528043ff91d2cc435780b09a6d1dc56280f9be0577e9da397723b16dc207c6afcb4870df019e818b44392d26aba4e34afce6e801b4d8fbf0

memory/9832-10669-0x000000006E6D0000-0x000000006E71C000-memory.dmp

memory/9832-10678-0x0000000006E60000-0x0000000006F04000-memory.dmp

memory/9832-10690-0x0000000007140000-0x0000000007151000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

MD5 a3666b0e1542300239be05b4583b9b5b
SHA1 a7ac1d0e502cb66f4b5b1cfa25dfd0056729b855
SHA256 2f776ca7cf16faaa9f9335ae409e4d90d128e94dc1caf6dbb24825fd5cc91f14
SHA512 70e32973137b4dfa1375be8e4500ea6e22a7e0c4205ef174c7db4543488ae1cd52eb56cc3ffb2c6e4bbf74c78e17bf0f304a9b764dd2761726efac62ef12a4a4

memory/10024-10730-0x000000006E6D0000-0x000000006E71C000-memory.dmp

memory/6592-10749-0x000000006E6D0000-0x000000006E71C000-memory.dmp

F:\LDPlayer\ldmutiplayer\msvcp110.dll

F:\LDPlayer\LDPlayer9\ldmutiplayer\ssleay32.dll

F:\LDPlayer\ldmutiplayer\msvcr120.dll

F:\LDPlayer\ldmutiplayer\msvcr110.dll

F:\LDPlayer\ldmutiplayer\msvcp120.dll

F:\LDPlayer\ldmutiplayer\libssl-1_1.dll

F:\LDPlayer\ldmutiplayer\libssh2.dll

F:\LDPlayer\ldmutiplayer\libeay32.dll

F:\LDPlayer\ldmutiplayer\libcurl.dll

F:\LDPlayer\ldmutiplayer\libcrypto-1_1.dll

F:\LDPlayer\LDPlayer9\ldmutiplayer\cximagecrt.dll

F:\LDPlayer\LDPlayer9\ldmutiplayer\7za.exe

F:\LDPlayer\LDPlayer9\dnplayer.exe

F:\LDPlayer\LDPlayer9\dnmultiplayer.exe

C:\Users\Admin\AppData\Roaming\LDPlayerX\Cache\Local Storage\leveldb\MANIFEST-000001

C:\Users\Admin\AppData\Roaming\XuanZhi9\ldopengl32x.dll

F:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\bfd5a38d-9fd6-4d75-845b-f502faf3e802.tmp

C:\Users\Admin\AppData\Roaming\LDPlayerX\Cache\Network Persistent State~RFe613a1a.TMP

C:\Users\Admin\AppData\Roaming\LDPlayerX\Cache\Network Persistent State

C:\Users\Admin\AppData\Roaming\LDPlayerX\Cache\Cache\f_000004

C:\Users\Admin\AppData\Roaming\LDPlayerX\Cache\TransportSecurity

C:\Users\Admin\AppData\Roaming\LDPlayerX\Cache\Code Cache\js\index-dir\the-real-index
