f0031f9d7f25d4d29581879f62565a5a565995899adc60213f9e218147c78593

Analysis

max time kernel
119s
max time network
303s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
20-08-2024 20:35

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

MuMuInstaller_3.1.7.0_gw-overseas12_all_1712735105.exe
Size

5.3MB
MD5

fbd9ad001bb2719f574c0705c5de05fb
SHA1

d07e77a490ad677935ac8213b88237e94440e791
SHA256

f0031f9d7f25d4d29581879f62565a5a565995899adc60213f9e218147c78593
SHA512

5724e3f858ae7ea92ba4ce325f3f8f4b90ecc6d7c19476e2888c4b09f0913463191b977f71314300918cceb0a6ae0b80e29d3c70891e8aeb9314da233a929e96
SSDEEP

98304:oeZOuRuvqAgef1ndGaX6tJJQv2FKA75OpVclc02vDRZTEB:1ZOPNdo3u0jc02vVZoB

Score

8^/10

discovery execution persistence privilege_escalation

Malware Config

Signatures

Creates new service(s) 2 TTPs
persistence execution

Windows Service
T1543.003

Service Execution
T1569.002
Downloads MZ/PE file
Enumerates connected drives 3 TTPs 1 IoCs
Attempts to read the root path of hard drives other than the default C: drive.

Query Registry
T1012

Peripheral Device Discovery
T1120

System Information Discovery
T1082

Processes:

nemu-downloader.exe

description ioc process

File opened (read-only) \??\F: nemu-downloader.exe
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

20 raw.githubusercontent.com
89 raw.githubusercontent.com
Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

description	ioc	process
File opened (read-only)	\??\F:	nemu-downloader.exe

flow	ioc
20	raw.githubusercontent.com
89	raw.githubusercontent.com

Drops file in Program Files directory 64 IoCs

Processes:

MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe

description	ioc	process
File created	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\api-ms-win-core-rtlsupport-l1-1-0.dll	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtTest\TestCase.qml	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMNetAdp.inf	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\Controls.2\Fusion\ProgressBar.qml	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\SUPUninstall.exe	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMAuthSimple.dll	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\icuin71.dll	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\Qt\labs\calendar\WeekNumberColumn.qmlc	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\Qt\labs\platform\qtlabsplatformplugin.dll	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\Controls.2\Universal\ApplicationWindow.qml	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\Controls.2\designer\images\label-icon16.png	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\resources\dist\message_center\src\js\app.c1f2e2e1.js	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\jasper.dll	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\Controls.2\designer\SwipeViewSpecifics.qml	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\Controls.2\designer\images\groupbox-icon16.png	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\resources\dist\message_center\favicon.ico	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\resources\dist\message_center\src\js\lang-en-json.3a107e70.js	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\Controls.2\MenuSeparator.qml	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\Controls.2\designer\images\itemdelegate-icon.png	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\7z1602\Far\7-ZipEng.lng	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\crashpad_handler.exe	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\Controls.2\Fusion\ToolTip.qml	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\Controls.2\designer\SwipeDelegateSpecifics.qml	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\Controls.2\designer\images\[email protected]	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\Controls.2\Imagine\BusyIndicator.qml	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\NetAdp6Uninstall.exe	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\NetLwfInstall.exe	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\concrt140.dll	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\Window.2\windowplugin.dll	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMDDR0.r0	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMDrv.sys	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\plugins\qmltooling\qmldbg_tcp.dll	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQml\WorkerScript.2\workerscriptplugin.dll	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\Controls.2\Fusion\RoundButton.qml	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\Controls.2\Imagine\Label.qml	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMNetFlt.cat	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\mumuvmmvmmr0.cat	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\api-ms-win-crt-math-l1-1-0.dll	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\plugins\imageformats\qgif.dll	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\Controls.2\Fusion\TabButton.qml	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\resources\dist\message_center\src\img\close_hover.a128114a.svg	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\NetLwfUninstall.exe	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File opened for modification	C:\Program Files\MuMuVMMVbox\LoadedDrivers\MuMuVMMDrv.inf	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMGuestControlSvc.dll	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\MuMuVMMVbox\Hypervisor\NetLwfUninstall.exe	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\7z1602\Far\7zToFar.ini	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\Controls.2\Material\Pane.qml	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\Controls.2\designer\StackViewSpecifics.qml	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\Controls.2\designer\images\[email protected]	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\resources\dist\message_center\src\js\lang-vi-json.b8c1c7c4.js	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\msvcp100.dll	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\device\libRenderer.dll	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\Controls.2\ToolBar.qml	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\Controls.2\designer\RadioDelegateSpecifics.qml	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\rcc\CrashResource.rcc	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMAuth.dll	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\MuMuVMMVbox\Hypervisor\win7\mumuvmmdrv.cat	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\Controls.2\designer\images\checkbox-icon.png	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\api-ms-win-core-errorhandling-l1-1-0.dll	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\webpdecoder.dll	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQml\Models.2\modelsplugin.dll	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMNetFlt.sys	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\MuMuVMMVbox\Hypervisor\NetFltInstall.exe	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\api-ms-win-crt-runtime-l1-1-0.dll	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe

Drops file in Windows directory 1 IoCs

Processes:

chrome.exe

description ioc process

File opened for modification C:\Windows\SystemTemp chrome.exe

description	ioc	process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Executes dropped EXE 15 IoCs

Processes:

nemu-downloader.exeColaBoxChecker.exeHyperVChecker.exeHyperVChecker.exeHyperVChecker.exeMuMuDownloader.exeMuMuNG-setup-V3.8.18.2845-overseas-0417125205.exeMuMuVMMSVC.exeMuMuVMMSVC.exeSUPUninstall.exeSUPUninstall.exeSUPInstall.exeSUPUninstall.exeSUPUninstall.exeMuMuVMMSVC.exe

pid	process
568	nemu-downloader.exe
4500	ColaBoxChecker.exe
1472	HyperVChecker.exe
3644	HyperVChecker.exe
4352	HyperVChecker.exe
1156	MuMuDownloader.exe
4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
9324	MuMuVMMSVC.exe
10728	MuMuVMMSVC.exe
9408	SUPUninstall.exe
5528	SUPUninstall.exe
11104	SUPInstall.exe
12872	SUPUninstall.exe
12928	SUPUninstall.exe
8564	MuMuVMMSVC.exe

Launches sc.exe 16 IoCs

Sc.exe is a Windows utlilty to control services on the system.

Processes:

sc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exe

pid	process
10284	sc.exe
11456	sc.exe
8412	sc.exe
11044	sc.exe
12820	sc.exe
11604	sc.exe
7812	sc.exe
11420	sc.exe
9148	sc.exe
6596	sc.exe
12936	sc.exe
7940	sc.exe
1204	sc.exe
12744	sc.exe
11200	sc.exe
11168	sc.exe

Loads dropped DLL 64 IoCs

Processes:

MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe

pid	process
4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 26 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

sc.exesc.exeregsvr32.exesc.exesc.exeregsvr32.exeregsvr32.exeMuMuDownloader.exesc.exesc.exesc.exesc.exesc.exeColaBoxChecker.exeMuMuNG-setup-V3.8.18.2845-overseas-0417125205.exeregsvr32.exeregsvr32.exesc.exesc.exeMuMuInstaller_3.1.7.0_gw-overseas12_all_1712735105.exenemu-downloader.exeregsvr32.exesc.exesc.exesc.exesc.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	sc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	sc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	sc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	sc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MuMuDownloader.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	sc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	sc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	sc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	sc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	sc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ColaBoxChecker.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	sc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	sc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MuMuInstaller_3.1.7.0_gw-overseas12_all_1712735105.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	nemu-downloader.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	sc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	sc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	sc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	sc.exe

Checks processor information in registry 2 TTPs 12 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exefirefox.exefirefox.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exechrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 64 IoCs

Processes:

regsvr32.exeregsvr32.exeMuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{21640CFA-3173-46C9-B848-34C1AD2021F5}	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{90E49301-D830-4306-A1F3-BFC71FEEE221}	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6554764E-37BE-4115-9BE8-57A82AE6CF7B}\NumMethods	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1091049E-61C1-4EB7-A8AD-2F639B529514}\NumMethods	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7964E4C7-210C-4187-8219-FD3DF80898EF}\ = "ISession"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C5E4D34D-77E2-4DBA-86EC-AEAC69E88C58}\ = "ICertificate"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5518A4D0-4FE2-4C52-A15D-9783B1DB3C2C}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{596DBD3B-45C2-428D-A6BD-4DB73146247B}\NumMethods\ = "15"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2A18265-7798-4B71-B151-9C482B5A01A1}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{95AC0856-A30E-4D1E-9A9A-E6E92BA93616}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\MuMuVMMSVC.exe	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{659A41BB-448A-4687-B370-056586550524}\NumMethods	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4DF300E2-B8D6-48F5-97BE-EB4B2E140DAD}\NumMethods	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BCCAB3EA-EED8-447D-9505-6DD1A0C030BE}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{19BF0EE8-347E-47E0-8656-98C29419381F}	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\MuMuVMMSVC.exe	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5151471-9389-4A0D-8019-277A7E3DD0C7}\ProxyStubClsid32\ = "{208DF701-79C8-426C-814B-18828F6A0B61}"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B87FDF7E-7949-4D7A-9271-F9D000B63260}\NumMethods	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2AB55723-AAB2-4DAB-B7AC-97634179EA27}\ProxyStubClsid32\ = "{208DF701-79C8-426C-814B-18828F6A0B61}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7C0F3B60-ADC2-48C7-86E0-C1078F8A2C32}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VirtualBox.Session.1\CLSID\ = "{b0fe7a06-cdc7-4ece-9c43-5dfd8bdd179c}"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{32605EDE-1D81-47DD-BCE8-51C43051B4E0}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{21640CFA-3173-46C9-B848-34C1AD2021F5}\ = "ICloudProvider"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3C5382F6-E635-46BB-ADE7-A955077FCFA5}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{879831D9-86CB-4E5E-898C-DC35EC7FB029}	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{516FA0AA-EFEA-404F-8444-75DCA7CD41F1}	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23cd1535-edaa-4f21-a4ab-45d97fd1d58b}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DE116748-F53B-460A-8AA2-24841E23BCB2}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{11690280-302F-44CC-BFC4-3BD46A6AE61F}\ = "IStorageDeviceChangedEvent"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{17C39A6A-936A-4A74-B799-D50125B41CBC}\ = "IProgressPercentageChangedEvent"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AA85612D-AD4A-4F0C-8B67-C288A053C5B2}\ = "IInternalMachineControl"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0DD43B2D-CFA4-430F-AEFB-2BB6207ED16E}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3753605F-620D-4093-861B-04A5B6EC8A35}\ProxyStubClsid32	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0D5BD057-C27D-4C6B-A7EB-FE9077FF6A4E}	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{17C39A6A-936A-4A74-B799-D50125B41CBC}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{208DF701-79C8-426C-814B-18828F6A0B61}\InProcServer32\ = "C:\\Program Files\\MuMuVMMVbox\\Hypervisor\\MuMuVMMProxyStub.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{59E49F18-EE2F-4321-AF6B-67F13D044F8F}\NumMethods	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B8BCBE07-EDE6-43F2-B466-BF3FA8E03B38}\NumMethods\ = "13"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{221F753B-585B-4037-803A-CA50508A0337}\NumMethods	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{95AC0856-A30E-4D1E-9A9A-E6E92BA93616}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{221F753B-585B-4037-803A-CA50508A0337}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6C1B401-B9AE-492E-BB52-62696149ABDD}\NumMethods\ = "115"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A154665C-E091-46FD-857E-80717FEF416D}\NumMethods\ = "30"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C60FEDB7-D987-4956-9F1C-9969189810F9}\ProxyStubClsid32\ = "{208DF701-79C8-426C-814B-18828F6A0B61}"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1C9AA0D3-2AA3-4C8E-BA6D-F6A2359112CD}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32\InprocServer32 = "C:\\Windows\\system32\\oleaut32.dll"	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DE116748-F53B-460A-8AA2-24841E23BCB2}\ProxyStubClsid32	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{47110CDD-F7D1-4A2B-A3EE-8D2B5FCC60C0}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C0E2B1C1-F72B-4858-A2FE-62CC210436DF}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C5E4D34D-77E2-4DBA-86EC-AEAC69E88C58}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{086CF6D0-0D44-471D-A522-D7A947AD1CE6}\ProxyStubClsid32\ = "{208DF701-79C8-426C-814B-18828F6A0B61}"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0DC2AEB7-E07E-4DD6-B4FD-E00406BE03EC}\NumMethods	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{091B8C0B-EAD2-494C-AC98-666B083FD278}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7C0F3B60-ADC2-48C7-86E0-C1078F8A2C32}\NumMethods\ = "17"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{799781CD-3C2B-4543-81D2-631FCA5F4A97}\ProxyStubClsid32\ = "{208DF701-79C8-426C-814B-18828F6A0B61}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{968951F2-BD74-4274-AE8E-351C5E2E8342}\NumMethods\ = "37"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F0EC41A-0A41-463C-A896-DDE7CA9360A3}\NumMethods	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AC2EA53E-7257-4888-8DC8-757EAA526074}\NumMethods	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\VirtualBox.VirtualBoxClient.1\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DD94B1B9-4E0A-4E29-9523-87773798D7FE}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{06901EE6-825E-406B-B9B9-0AB7AFC657C5}\ = "IVRDEServerChangedEvent"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CB6AFD2A-2D8B-487D-9129-EFBE688C6682}\NumMethods	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AE5E562D-B876-4018-9812-E54B71AA7EA3}\NumMethods	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C5E4D34D-77E2-4DBA-86EC-AEAC69E88C58}\NumMethods	regsvr32.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 34 IoCs

Processes:

nemu-downloader.exeMuMuNG-setup-V3.8.18.2845-overseas-0417125205.exechrome.exemsedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
568	nemu-downloader.exe
568	nemu-downloader.exe
568	nemu-downloader.exe
568	nemu-downloader.exe
568	nemu-downloader.exe
568	nemu-downloader.exe
568	nemu-downloader.exe
568	nemu-downloader.exe
4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
5560	chrome.exe
5560	chrome.exe
10512	msedge.exe
10512	msedge.exe
10808	msedge.exe
10808	msedge.exe
10264	identity_helper.exe
10264	identity_helper.exe
11144	msedge.exe
11144	msedge.exe

Suspicious behavior: LoadsDriver 7 IoCs

Processes:

pid process

680
680
680
680
680
680
680

pid	process
680
680
680
680
680
680
680

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

Processes:

chrome.exemsedge.exe

pid	process
5560	chrome.exe
5560	chrome.exe
5560	chrome.exe
10808	msedge.exe
10808	msedge.exe
10808	msedge.exe
10808	msedge.exe
10808	msedge.exe
10808	msedge.exe
10808	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exechrome.exefirefox.exe

description	pid	process
Token: SeRestorePrivilege	4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
Token: SeTakeOwnershipPrivilege	4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
Token: SeRestorePrivilege	4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
Token: SeTakeOwnershipPrivilege	4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
Token: SeRestorePrivilege	4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
Token: SeTakeOwnershipPrivilege	4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
Token: SeRestorePrivilege	4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
Token: SeTakeOwnershipPrivilege	4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
Token: SeRestorePrivilege	4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
Token: SeTakeOwnershipPrivilege	4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
Token: SeRestorePrivilege	4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
Token: SeTakeOwnershipPrivilege	4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
Token: SeRestorePrivilege	4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
Token: SeTakeOwnershipPrivilege	4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
Token: SeRestorePrivilege	4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
Token: SeTakeOwnershipPrivilege	4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
Token: SeRestorePrivilege	4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
Token: SeTakeOwnershipPrivilege	4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
Token: SeRestorePrivilege	4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
Token: SeTakeOwnershipPrivilege	4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
Token: SeRestorePrivilege	4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
Token: SeTakeOwnershipPrivilege	4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
Token: SeRestorePrivilege	4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
Token: SeTakeOwnershipPrivilege	4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
Token: SeRestorePrivilege	4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
Token: SeTakeOwnershipPrivilege	4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
Token: SeRestorePrivilege	4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
Token: SeTakeOwnershipPrivilege	4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
Token: SeRestorePrivilege	4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
Token: SeTakeOwnershipPrivilege	4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
Token: SeRestorePrivilege	4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
Token: SeTakeOwnershipPrivilege	4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
Token: SeRestorePrivilege	4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
Token: SeTakeOwnershipPrivilege	4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
Token: SeRestorePrivilege	4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
Token: SeTakeOwnershipPrivilege	4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
Token: SeShutdownPrivilege	5560	chrome.exe
Token: SeCreatePagefilePrivilege	5560	chrome.exe
Token: SeShutdownPrivilege	5560	chrome.exe
Token: SeCreatePagefilePrivilege	5560	chrome.exe
Token: SeDebugPrivilege	5544	firefox.exe
Token: SeDebugPrivilege	5544	firefox.exe
Token: SeShutdownPrivilege	5560	chrome.exe
Token: SeCreatePagefilePrivilege	5560	chrome.exe
Token: SeShutdownPrivilege	5560	chrome.exe
Token: SeCreatePagefilePrivilege	5560	chrome.exe
Token: SeShutdownPrivilege	5560	chrome.exe
Token: SeCreatePagefilePrivilege	5560	chrome.exe
Token: SeShutdownPrivilege	5560	chrome.exe
Token: SeCreatePagefilePrivilege	5560	chrome.exe
Token: SeShutdownPrivilege	5560	chrome.exe
Token: SeCreatePagefilePrivilege	5560	chrome.exe
Token: SeShutdownPrivilege	5560	chrome.exe
Token: SeCreatePagefilePrivilege	5560	chrome.exe
Token: SeShutdownPrivilege	5560	chrome.exe
Token: SeCreatePagefilePrivilege	5560	chrome.exe
Token: SeShutdownPrivilege	5560	chrome.exe
Token: SeCreatePagefilePrivilege	5560	chrome.exe
Token: SeShutdownPrivilege	5560	chrome.exe
Token: SeCreatePagefilePrivilege	5560	chrome.exe
Token: SeShutdownPrivilege	5560	chrome.exe
Token: SeCreatePagefilePrivilege	5560	chrome.exe
Token: SeShutdownPrivilege	5560	chrome.exe
Token: SeCreatePagefilePrivilege	5560	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

firefox.exechrome.exemsedge.exe

pid	process
5544	firefox.exe
5544	firefox.exe
5544	firefox.exe
5544	firefox.exe
5544	firefox.exe
5544	firefox.exe
5544	firefox.exe
5544	firefox.exe
5544	firefox.exe
5544	firefox.exe
5544	firefox.exe
5544	firefox.exe
5544	firefox.exe
5544	firefox.exe
5544	firefox.exe
5544	firefox.exe
5544	firefox.exe
5544	firefox.exe
5544	firefox.exe
5544	firefox.exe
5544	firefox.exe
5560	chrome.exe
5560	chrome.exe
5560	chrome.exe
5560	chrome.exe
5560	chrome.exe
5560	chrome.exe
5560	chrome.exe
5560	chrome.exe
5560	chrome.exe
5560	chrome.exe
5560	chrome.exe
5560	chrome.exe
5560	chrome.exe
5560	chrome.exe
5560	chrome.exe
5560	chrome.exe
5560	chrome.exe
5560	chrome.exe
5560	chrome.exe
5560	chrome.exe
5560	chrome.exe
5560	chrome.exe
5560	chrome.exe
5560	chrome.exe
5560	chrome.exe
5560	chrome.exe
5560	chrome.exe
10808	msedge.exe
10808	msedge.exe
10808	msedge.exe
10808	msedge.exe
10808	msedge.exe
10808	msedge.exe
10808	msedge.exe
10808	msedge.exe
10808	msedge.exe
10808	msedge.exe
10808	msedge.exe
10808	msedge.exe
10808	msedge.exe
10808	msedge.exe
10808	msedge.exe
10808	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exemsedge.exe

pid	process
5560	chrome.exe
5560	chrome.exe
5560	chrome.exe
5560	chrome.exe
5560	chrome.exe
5560	chrome.exe
5560	chrome.exe
5560	chrome.exe
5560	chrome.exe
5560	chrome.exe
5560	chrome.exe
5560	chrome.exe
10808	msedge.exe
10808	msedge.exe
10808	msedge.exe
10808	msedge.exe
10808	msedge.exe
10808	msedge.exe
10808	msedge.exe
10808	msedge.exe
10808	msedge.exe
10808	msedge.exe
10808	msedge.exe
10808	msedge.exe

Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exefirefox.exeMuMuVMMSVC.exeMuMuVMMSVC.exeMuMuVMMSVC.exe

pid process

4876 MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
5544 firefox.exe
9324 MuMuVMMSVC.exe
10728 MuMuVMMSVC.exe
8564 MuMuVMMSVC.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

MuMuInstaller_3.1.7.0_gw-overseas12_all_1712735105.exenemu-downloader.exechrome.exefirefox.exeMuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe

description	pid	process	target process
PID 3732 wrote to memory of 568	3732	MuMuInstaller_3.1.7.0_gw-overseas12_all_1712735105.exe	nemu-downloader.exe
PID 3732 wrote to memory of 568	3732	MuMuInstaller_3.1.7.0_gw-overseas12_all_1712735105.exe	nemu-downloader.exe
PID 3732 wrote to memory of 568	3732	MuMuInstaller_3.1.7.0_gw-overseas12_all_1712735105.exe	nemu-downloader.exe
PID 568 wrote to memory of 4500	568	nemu-downloader.exe	ColaBoxChecker.exe
PID 568 wrote to memory of 4500	568	nemu-downloader.exe	ColaBoxChecker.exe
PID 568 wrote to memory of 4500	568	nemu-downloader.exe	ColaBoxChecker.exe
PID 568 wrote to memory of 1472	568	nemu-downloader.exe	HyperVChecker.exe
PID 568 wrote to memory of 1472	568	nemu-downloader.exe	HyperVChecker.exe
PID 568 wrote to memory of 3644	568	nemu-downloader.exe	HyperVChecker.exe
PID 568 wrote to memory of 3644	568	nemu-downloader.exe	HyperVChecker.exe
PID 568 wrote to memory of 4352	568	nemu-downloader.exe	HyperVChecker.exe
PID 568 wrote to memory of 4352	568	nemu-downloader.exe	HyperVChecker.exe
PID 568 wrote to memory of 1156	568	nemu-downloader.exe	MuMuDownloader.exe
PID 568 wrote to memory of 1156	568	nemu-downloader.exe	MuMuDownloader.exe
PID 568 wrote to memory of 1156	568	nemu-downloader.exe	MuMuDownloader.exe
PID 568 wrote to memory of 4876	568	nemu-downloader.exe	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
PID 568 wrote to memory of 4876	568	nemu-downloader.exe	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
PID 568 wrote to memory of 4876	568	nemu-downloader.exe	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
PID 5560 wrote to memory of 6132	5560	chrome.exe	chrome.exe
PID 5560 wrote to memory of 6132	5560	chrome.exe	chrome.exe
PID 5500 wrote to memory of 5544	5500	firefox.exe	firefox.exe
PID 5500 wrote to memory of 5544	5500	firefox.exe	firefox.exe
PID 5500 wrote to memory of 5544	5500	firefox.exe	firefox.exe
PID 5500 wrote to memory of 5544	5500	firefox.exe	firefox.exe
PID 5500 wrote to memory of 5544	5500	firefox.exe	firefox.exe
PID 5500 wrote to memory of 5544	5500	firefox.exe	firefox.exe
PID 5500 wrote to memory of 5544	5500	firefox.exe	firefox.exe
PID 5500 wrote to memory of 5544	5500	firefox.exe	firefox.exe
PID 5500 wrote to memory of 5544	5500	firefox.exe	firefox.exe
PID 5500 wrote to memory of 5544	5500	firefox.exe	firefox.exe
PID 5500 wrote to memory of 5544	5500	firefox.exe	firefox.exe
PID 4876 wrote to memory of 1204	4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe	sc.exe
PID 4876 wrote to memory of 1204	4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe	sc.exe
PID 4876 wrote to memory of 1204	4876	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe	sc.exe
PID 5560 wrote to memory of 5052	5560	chrome.exe	chrome.exe
PID 5560 wrote to memory of 5052	5560	chrome.exe	chrome.exe
PID 5560 wrote to memory of 5052	5560	chrome.exe	chrome.exe
PID 5560 wrote to memory of 5052	5560	chrome.exe	chrome.exe
PID 5560 wrote to memory of 5052	5560	chrome.exe	chrome.exe
PID 5560 wrote to memory of 5052	5560	chrome.exe	chrome.exe
PID 5560 wrote to memory of 5052	5560	chrome.exe	chrome.exe
PID 5560 wrote to memory of 5052	5560	chrome.exe	chrome.exe
PID 5560 wrote to memory of 5052	5560	chrome.exe	chrome.exe
PID 5560 wrote to memory of 5052	5560	chrome.exe	chrome.exe
PID 5560 wrote to memory of 5052	5560	chrome.exe	chrome.exe
PID 5560 wrote to memory of 5052	5560	chrome.exe	chrome.exe
PID 5560 wrote to memory of 5052	5560	chrome.exe	chrome.exe
PID 5560 wrote to memory of 5052	5560	chrome.exe	chrome.exe
PID 5560 wrote to memory of 5052	5560	chrome.exe	chrome.exe
PID 5560 wrote to memory of 5052	5560	chrome.exe	chrome.exe
PID 5560 wrote to memory of 5052	5560	chrome.exe	chrome.exe
PID 5560 wrote to memory of 5052	5560	chrome.exe	chrome.exe
PID 5560 wrote to memory of 5052	5560	chrome.exe	chrome.exe
PID 5560 wrote to memory of 5052	5560	chrome.exe	chrome.exe
PID 5560 wrote to memory of 5052	5560	chrome.exe	chrome.exe
PID 5560 wrote to memory of 5052	5560	chrome.exe	chrome.exe
PID 5560 wrote to memory of 5052	5560	chrome.exe	chrome.exe
PID 5560 wrote to memory of 5052	5560	chrome.exe	chrome.exe
PID 5560 wrote to memory of 5052	5560	chrome.exe	chrome.exe
PID 5560 wrote to memory of 5052	5560	chrome.exe	chrome.exe
PID 5560 wrote to memory of 5052	5560	chrome.exe	chrome.exe
PID 5560 wrote to memory of 5052	5560	chrome.exe	chrome.exe
PID 5560 wrote to memory of 5052	5560	chrome.exe	chrome.exe
PID 5560 wrote to memory of 5052	5560	chrome.exe	chrome.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\MuMuInstaller_3.1.7.0_gw-overseas12_all_1712735105.exe
"C:\Users\Admin\AppData\Local\Temp\MuMuInstaller_3.1.7.0_gw-overseas12_all_1712735105.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3732

C:\Users\Admin\AppData\Local\Temp\7z782A7E94\nemu-downloader.exe
C:\Users\Admin\AppData\Local\Temp\7z782A7E94\nemu-downloader.exe
2⤵
- Enumerates connected drives
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:568

C:\Users\Admin\AppData\Local\Temp\7z782A7E94\ColaBoxChecker.exe
"C:\Users\Admin\AppData\Local\Temp\7z782A7E94\ColaBoxChecker.exe" checker /baseboard
3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:4500

C:\Users\Admin\AppData\Local\Temp\7z782A7E94\HyperVChecker.exe
"C:\Users\Admin\AppData\Local\Temp\7z782A7E94\HyperVChecker.exe"
3⤵
- Executes dropped EXE
PID:1472

C:\Users\Admin\AppData\Local\Temp\7z782A7E94\HyperVChecker.exe
"C:\Users\Admin\AppData\Local\Temp\7z782A7E94\HyperVChecker.exe"
3⤵
- Executes dropped EXE
PID:3644

C:\Users\Admin\AppData\Local\Temp\7z782A7E94\HyperVChecker.exe
"C:\Users\Admin\AppData\Local\Temp\7z782A7E94\HyperVChecker.exe"
3⤵
- Executes dropped EXE
PID:4352

C:\Users\Admin\AppData\Local\Temp\7z782A7E94\MuMuDownloader.exe
"C:\Users\Admin\AppData\Local\Temp\7z782A7E94\MuMuDownloader.exe" --log="C:\Users\Admin\AppData\Local\Temp\nemu-downloader-aria.log" --log-level=notice --check-certificate=false --enable-rpc=true --rpc-listen-port=49857 --continue --max-concurrent-downloads=10 --max-connection-per-server=5 --async-dns=false --file-allocation=prealloc --enable-mmap=true --connect-timeout=5 --rpc-max-request-size=1024M --stop-with-process=568
3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:1156

C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
"C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe" /S /auto_start=false /fchannel=gw-overseas12 /D=C:\Program Files\Netease\MuMuPlayerGlobal-12.0
3⤵
- Drops file in Program Files directory
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4876

C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc.exe" query MuMuVMMDrv
4⤵
- Launches sc.exe
- System Location Discovery: System Language Discovery
PID:1204

C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMSVC.exe
"C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMSVC.exe" /UnregServer
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:9324

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /u /s "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMC.dll"
4⤵
- System Location Discovery: System Language Discovery
PID:9696

C:\Windows\system32\regsvr32.exe
/u /s "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMC.dll"
5⤵
PID:9944

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /u /s "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMProxyStub.dll"
4⤵
- System Location Discovery: System Language Discovery
PID:10104

C:\Windows\system32\regsvr32.exe
/u /s "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMProxyStub.dll"
5⤵
PID:10148

C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMSVC.exe
"C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMSVC.exe" /RegServer
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:10728

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMC.dll"
4⤵
- System Location Discovery: System Language Discovery
PID:9100

C:\Windows\system32\regsvr32.exe
/s "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMC.dll"
5⤵
PID:7824

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMProxyStub.dll"
4⤵
- System Location Discovery: System Language Discovery
PID:10784

C:\Windows\system32\regsvr32.exe
/s "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMProxyStub.dll"
5⤵
- Modifies registry class
PID:12312

C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe
"C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe"
4⤵
- Executes dropped EXE
PID:9408

C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe
"C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe"
4⤵
- Executes dropped EXE
PID:5528

C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc.exe" query MuMuVMMDrv
4⤵
- Launches sc.exe
- System Location Discovery: System Language Discovery
PID:10284

C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPInstall.exe
"C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPInstall.exe"
4⤵
- Executes dropped EXE
PID:11104

C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc.exe" query MuMuVMMDrv
4⤵
- Launches sc.exe
- System Location Discovery: System Language Discovery
PID:7812

C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc.exe" create MuMuVMMDrv binPath= "C:\Program Files\MuMuVMMVbox\LoadedDrivers\MuMuVMMDrv.sys" type= kernel start= auto
4⤵
- Launches sc.exe
- System Location Discovery: System Language Discovery
PID:6596

C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc.exe" create MuMuVMMDrv binPath= "C:\Program Files\MuMuVMMVbox\LoadedDrivers\MuMuVMMDrv.sys" type= kernel start= auto
4⤵
- Launches sc.exe
- System Location Discovery: System Language Discovery
PID:11456

C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc.exe" query MuMuVMMDrv
4⤵
- Launches sc.exe
- System Location Discovery: System Language Discovery
PID:11420

C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc.exe" start MuMuVMMDrv
4⤵
- Launches sc.exe
- System Location Discovery: System Language Discovery
PID:8412

C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc.exe" start MuMuVMMDrv
4⤵
- Launches sc.exe
- System Location Discovery: System Language Discovery
PID:12744

C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc.exe" query MuMuVMMDrv
4⤵
- Launches sc.exe
- System Location Discovery: System Language Discovery
PID:11044

C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc.exe" query MuMuVMMDrv
4⤵
- Launches sc.exe
- System Location Discovery: System Language Discovery
PID:9148

C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc.exe" query MuMuVMMDrv
4⤵
- Launches sc.exe
- System Location Discovery: System Language Discovery
PID:12820

C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc.exe" query MuMuVMMDrv
4⤵
- Launches sc.exe
- System Location Discovery: System Language Discovery
PID:11200

C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc.exe" query MuMuVMMDrv
4⤵
- Launches sc.exe
- System Location Discovery: System Language Discovery
PID:12936

C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc.exe" query MuMuVMMDrv
4⤵
- Launches sc.exe
- System Location Discovery: System Language Discovery
PID:11168

C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe
"C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe"
4⤵
- Executes dropped EXE
PID:12872

C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe
"C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe"
4⤵
- Executes dropped EXE
PID:12928

C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc.exe" query MuMuVMMDrv
4⤵
- Launches sc.exe
- System Location Discovery: System Language Discovery
PID:7940

C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
5⤵
PID:7924

C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMSVC.exe
"C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMSVC.exe" /UnregServer
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:8564

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /u /s "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMC.dll"
4⤵
- System Location Discovery: System Language Discovery
PID:8300

C:\Windows\system32\regsvr32.exe
/u /s "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMC.dll"
5⤵
PID:11184

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /u /s "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMProxyStub.dll"
4⤵
- System Location Discovery: System Language Discovery
PID:12372

C:\Windows\system32\regsvr32.exe
/u /s "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMProxyStub.dll"
5⤵
- Modifies registry class
PID:12396

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c "comregister.cmd -u"
4⤵
PID:8836

C:\Windows\SysWOW64\net.exe
NET FILE
5⤵
PID:12020

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 FILE
6⤵
PID:12840

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c cd
5⤵
PID:7972

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c cd
5⤵
PID:7312

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ver
5⤵
PID:9648

C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMSVC.exe
"C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMSVC.exe" /UnregServer
5⤵
PID:11824

C:\Windows\SysWOW64\regsvr32.exe
C:\Windows\system32\regsvr32 /s /u "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMC.dll"
5⤵
PID:12760

C:\Windows\system32\regsvr32.exe
/s /u "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMC.dll"
6⤵
PID:10752

C:\Windows\SysWOW64\regsvr32.exe
C:\Windows\syswow64\regsvr32 /s /u "C:\Program Files\MuMuVMMVbox\Hypervisor\x86\MuMuVMMClient-x86.dll"
5⤵
PID:13088

C:\Windows\SysWOW64\regsvr32.exe
C:\Windows\system32\regsvr32 /s /u "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMProxyStub.dll"
5⤵
PID:11636

C:\Windows\system32\regsvr32.exe
/s /u "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMProxyStub.dll"
6⤵
PID:11664

C:\Windows\SysWOW64\regsvr32.exe
C:\Windows\syswow64\regsvr32 /s /u "C:\Program Files\MuMuVMMVbox\Hypervisor\x86\MuMuVMMProxyStub-x86.dll"
5⤵
PID:13220

C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe
"C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe"
4⤵
PID:9296

C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe
"C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe"
4⤵
PID:11556

C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc.exe" query MuMuVMMDrv
4⤵
- Launches sc.exe
PID:11604

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\ResizeSubmit.bat" "
1⤵
PID:4588

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004C8 0x00000000000004A8
1⤵
PID:2064

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5560

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd5bdccc40,0x7ffd5bdccc4c,0x7ffd5bdccc58
2⤵
PID:6132

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1668,i,498269428414077006,15213302248410653573,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1716 /prefetch:2
2⤵
PID:5052

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2068,i,498269428414077006,15213302248410653573,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2080 /prefetch:3
2⤵
PID:4640

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2152,i,498269428414077006,15213302248410653573,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2172 /prefetch:8
2⤵
PID:6588

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3056,i,498269428414077006,15213302248410653573,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3080 /prefetch:1
2⤵
PID:8228

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3260,i,498269428414077006,15213302248410653573,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3272 /prefetch:1
2⤵
PID:7336

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4296,i,498269428414077006,15213302248410653573,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4252 /prefetch:8
2⤵
PID:9792

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4184,i,498269428414077006,15213302248410653573,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3460 /prefetch:1
2⤵
PID:9924

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:5500

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:5544

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1920 -parentBuildID 20240401114208 -prefsHandle 1844 -prefMapHandle 1836 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {82a8177b-8d8f-40f0-a951-e8000f8a0b74} 5544 "\\.\pipe\gecko-crash-server-pipe.5544" gpu
3⤵
PID:6572

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2376 -parentBuildID 20240401114208 -prefsHandle 2368 -prefMapHandle 2356 -prefsLen 23714 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5d77ff99-6fd6-4f35-95f8-2a85c8462f7a} 5544 "\\.\pipe\gecko-crash-server-pipe.5544" socket
3⤵
- Checks processor information in registry
PID:4548

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3064 -childID 1 -isForBrowser -prefsHandle 3056 -prefMapHandle 3052 -prefsLen 23855 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0da95b71-d32b-444e-8723-12bc139c1993} 5544 "\\.\pipe\gecko-crash-server-pipe.5544" tab
3⤵
PID:7348

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3672 -childID 2 -isForBrowser -prefsHandle 3664 -prefMapHandle 3044 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8af07696-1b15-452c-a352-615188807dc7} 5544 "\\.\pipe\gecko-crash-server-pipe.5544" tab
3⤵
PID:7492

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4180 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4172 -prefMapHandle 4168 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {90a0b947-a8ec-4888-8855-34d439c2da18} 5544 "\\.\pipe\gecko-crash-server-pipe.5544" utility
3⤵
- Checks processor information in registry
PID:7296

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3192 -childID 3 -isForBrowser -prefsHandle 5280 -prefMapHandle 5296 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c89d0f6b-097b-4d0d-a6b3-7b66bf0f940d} 5544 "\\.\pipe\gecko-crash-server-pipe.5544" tab
3⤵
PID:8580

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3292 -childID 4 -isForBrowser -prefsHandle 5496 -prefMapHandle 5500 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9ec60d13-1ce1-484e-954e-031f124f4d99} 5544 "\\.\pipe\gecko-crash-server-pipe.5544" tab
3⤵
PID:9180

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5348 -childID 5 -isForBrowser -prefsHandle 5688 -prefMapHandle 5684 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ce063a91-f3f8-4585-b4e9-b3d7f2eea255} 5544 "\\.\pipe\gecko-crash-server-pipe.5544" tab
3⤵
PID:9196

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5780 -childID 6 -isForBrowser -prefsHandle 5792 -prefMapHandle 5796 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a970ce43-ba7e-4329-9db0-688b7aec20ab} 5544 "\\.\pipe\gecko-crash-server-pipe.5544" tab
3⤵
PID:9208

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6052 -childID 7 -isForBrowser -prefsHandle 5780 -prefMapHandle 5880 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a2047b7a-a9ad-41e5-a314-ca1d2fafc1f7} 5544 "\\.\pipe\gecko-crash-server-pipe.5544" tab
3⤵
PID:7696

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6112 -childID 8 -isForBrowser -prefsHandle 6120 -prefMapHandle 6124 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1ecc32ce-f5d5-45ec-8382-0b513b24598a} 5544 "\\.\pipe\gecko-crash-server-pipe.5544" tab
3⤵
PID:7680

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6272 -childID 9 -isForBrowser -prefsHandle 6352 -prefMapHandle 6348 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eecddbbe-85f8-4ea8-b704-cc4366792ccc} 5544 "\\.\pipe\gecko-crash-server-pipe.5544" tab
3⤵
PID:7660

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6464 -childID 10 -isForBrowser -prefsHandle 6544 -prefMapHandle 6540 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ed85089a-a972-444d-9cbb-c1aee6eb2565} 5544 "\\.\pipe\gecko-crash-server-pipe.5544" tab
3⤵
PID:7604

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6684 -childID 11 -isForBrowser -prefsHandle 6448 -prefMapHandle 6452 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d41464a7-edf8-4d34-af58-90b52b20fb95} 5544 "\\.\pipe\gecko-crash-server-pipe.5544" tab
3⤵
PID:7744

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6932 -childID 12 -isForBrowser -prefsHandle 6852 -prefMapHandle 6860 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d2811e9b-cf6f-407e-8d9c-bb71445b5030} 5544 "\\.\pipe\gecko-crash-server-pipe.5544" tab
3⤵
PID:7768

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7040 -childID 13 -isForBrowser -prefsHandle 7120 -prefMapHandle 7116 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {46ef4d81-0125-40a0-bacd-dddeaf2aee7d} 5544 "\\.\pipe\gecko-crash-server-pipe.5544" tab
3⤵
PID:7804

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7224 -childID 14 -isForBrowser -prefsHandle 7232 -prefMapHandle 7236 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c0648ab5-9cb6-4546-86ee-547f90bb1c93} 5544 "\\.\pipe\gecko-crash-server-pipe.5544" tab
3⤵
PID:7816

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7432 -childID 15 -isForBrowser -prefsHandle 7440 -prefMapHandle 7216 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ab13a199-6f0b-4009-9f6e-0609b8477aa2} 5544 "\\.\pipe\gecko-crash-server-pipe.5544" tab
3⤵
PID:7832

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7688 -childID 16 -isForBrowser -prefsHandle 7608 -prefMapHandle 7612 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1a7c48ab-8692-458d-8f3c-89cea23803c3} 5544 "\\.\pipe\gecko-crash-server-pipe.5544" tab
3⤵
PID:7848

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7780 -childID 17 -isForBrowser -prefsHandle 7700 -prefMapHandle 7704 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2ba4e0e2-fc7a-416b-9d4f-f4b8434ee053} 5544 "\\.\pipe\gecko-crash-server-pipe.5544" tab
3⤵
PID:7880

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7908 -childID 18 -isForBrowser -prefsHandle 7984 -prefMapHandle 7980 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {75d75ce3-6c2d-4978-93c5-08fb53c8599e} 5544 "\\.\pipe\gecko-crash-server-pipe.5544" tab
3⤵
PID:7892

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8172 -childID 19 -isForBrowser -prefsHandle 8092 -prefMapHandle 8100 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2f64c9b9-fbc9-46a3-9696-44da44958928} 5544 "\\.\pipe\gecko-crash-server-pipe.5544" tab
3⤵
PID:7908

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8272 -childID 20 -isForBrowser -prefsHandle 8280 -prefMapHandle 8284 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6b2a4585-d5ed-4d38-bbf5-b3d7b252e963} 5544 "\\.\pipe\gecko-crash-server-pipe.5544" tab
3⤵
PID:7924

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8464 -childID 21 -isForBrowser -prefsHandle 8472 -prefMapHandle 8476 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {545739ca-8cc4-4ba5-9aa0-724845f90a73} 5544 "\\.\pipe\gecko-crash-server-pipe.5544" tab
3⤵
PID:7940

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8656 -childID 22 -isForBrowser -prefsHandle 8664 -prefMapHandle 8668 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4747c845-5019-4fed-8857-6a48a5b923c6} 5544 "\\.\pipe\gecko-crash-server-pipe.5544" tab
3⤵
PID:7952

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8936 -childID 23 -isForBrowser -prefsHandle 8856 -prefMapHandle 8860 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1c16149e-9fe9-4165-ad92-2c0d907dbb8a} 5544 "\\.\pipe\gecko-crash-server-pipe.5544" tab
3⤵
PID:7968

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8836 -childID 24 -isForBrowser -prefsHandle 9080 -prefMapHandle 9088 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {256b09d9-c5b3-4f1d-a0db-aaee1deb88e2} 5544 "\\.\pipe\gecko-crash-server-pipe.5544" tab
3⤵
PID:7984

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9236 -childID 25 -isForBrowser -prefsHandle 9244 -prefMapHandle 9248 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5a990be5-2d27-4cc6-bf52-852020879572} 5544 "\\.\pipe\gecko-crash-server-pipe.5544" tab
3⤵
PID:8000

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9428 -childID 26 -isForBrowser -prefsHandle 9436 -prefMapHandle 9440 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {72edaa76-5040-433f-a8bf-f887b40b47e6} 5544 "\\.\pipe\gecko-crash-server-pipe.5544" tab
3⤵
PID:8008

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9620 -childID 27 -isForBrowser -prefsHandle 9628 -prefMapHandle 9632 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {60bdf9dd-52d6-4236-9104-b662715869c2} 5544 "\\.\pipe\gecko-crash-server-pipe.5544" tab
3⤵
PID:8020

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9836 -childID 28 -isForBrowser -prefsHandle 9912 -prefMapHandle 9908 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fba13dea-c4c9-4edb-8a69-cc68881f48b2} 5544 "\\.\pipe\gecko-crash-server-pipe.5544" tab
3⤵
PID:8044

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9816 -childID 29 -isForBrowser -prefsHandle 10028 -prefMapHandle 10032 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5eae0589-ac79-4d25-a859-79a7ebfb264e} 5544 "\\.\pipe\gecko-crash-server-pipe.5544" tab
3⤵
PID:8060

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10212 -childID 30 -isForBrowser -prefsHandle 10220 -prefMapHandle 10224 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {81676c13-77d8-4f2c-a633-45ad12fad9f4} 5544 "\\.\pipe\gecko-crash-server-pipe.5544" tab
3⤵
PID:8068

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10380 -childID 31 -isForBrowser -prefsHandle 10424 -prefMapHandle 10432 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2d37a688-0d19-46fa-ab63-12252fb4b97a} 5544 "\\.\pipe\gecko-crash-server-pipe.5544" tab
3⤵
PID:8084

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10584 -childID 32 -isForBrowser -prefsHandle 10592 -prefMapHandle 10596 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {298025e1-7b71-4fd6-8626-aa099dd6023f} 5544 "\\.\pipe\gecko-crash-server-pipe.5544" tab
3⤵
PID:8104

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10804 -childID 33 -isForBrowser -prefsHandle 10760 -prefMapHandle 10568 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {82ef5522-a4b0-4eee-af01-5ca9be7d06e4} 5544 "\\.\pipe\gecko-crash-server-pipe.5544" tab
3⤵
PID:8116

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10976 -childID 34 -isForBrowser -prefsHandle 10984 -prefMapHandle 10988 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {91df686d-a9d4-4955-ae5b-d25b1e6128d2} 5544 "\\.\pipe\gecko-crash-server-pipe.5544" tab
3⤵
PID:8128

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10960 -childID 35 -isForBrowser -prefsHandle 11184 -prefMapHandle 11188 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cdfdaaa8-f31c-4808-ac08-7b775558d62a} 5544 "\\.\pipe\gecko-crash-server-pipe.5544" tab
3⤵
PID:8144

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=11380 -childID 36 -isForBrowser -prefsHandle 11456 -prefMapHandle 11452 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7969b17c-4359-49ba-bd0a-a9e9ff7c4842} 5544 "\\.\pipe\gecko-crash-server-pipe.5544" tab
3⤵
PID:8164

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=11636 -childID 37 -isForBrowser -prefsHandle 11556 -prefMapHandle 11560 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {377c53f9-d9de-4743-95f9-ac3d07a3f005} 5544 "\\.\pipe\gecko-crash-server-pipe.5544" tab
3⤵
PID:8180

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=11836 -childID 38 -isForBrowser -prefsHandle 11756 -prefMapHandle 11764 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {682c7a9b-a8a9-4625-84e0-5ba0ad4bcf7d} 5544 "\\.\pipe\gecko-crash-server-pipe.5544" tab
3⤵
PID:7124

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=11944 -childID 39 -isForBrowser -prefsHandle 12024 -prefMapHandle 12020 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8af91bfb-2ce0-4718-a85c-bab12db1f585} 5544 "\\.\pipe\gecko-crash-server-pipe.5544" tab
3⤵
PID:6784

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=12148 -childID 40 -isForBrowser -prefsHandle 12224 -prefMapHandle 12220 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {69400d25-7542-4e68-9ad8-534561a728eb} 5544 "\\.\pipe\gecko-crash-server-pipe.5544" tab
3⤵
PID:3712

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=12320 -childID 41 -isForBrowser -prefsHandle 12328 -prefMapHandle 12332 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b33ebf4d-7e13-404e-993e-354b638e409b} 5544 "\\.\pipe\gecko-crash-server-pipe.5544" tab
3⤵
PID:6600

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=12536 -childID 42 -isForBrowser -prefsHandle 12612 -prefMapHandle 12608 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f639db23-c0b2-464d-8cc5-ad377fb15c02} 5544 "\\.\pipe\gecko-crash-server-pipe.5544" tab
3⤵
PID:7224

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=12728 -childID 43 -isForBrowser -prefsHandle 12804 -prefMapHandle 12800 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bce38f61-ff3e-4bca-bc83-0e234fbabd19} 5544 "\\.\pipe\gecko-crash-server-pipe.5544" tab
3⤵
PID:4676

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=12920 -childID 44 -isForBrowser -prefsHandle 12996 -prefMapHandle 12992 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {848dd211-b4f4-4b18-b95e-ec0ad56a69fa} 5544 "\\.\pipe\gecko-crash-server-pipe.5544" tab
3⤵
PID:7280

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=13176 -childID 45 -isForBrowser -prefsHandle 13096 -prefMapHandle 13100 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bd63942c-7829-46a2-a413-5c9ffd27b404} 5544 "\\.\pipe\gecko-crash-server-pipe.5544" tab
3⤵
PID:7628

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=12920 -childID 46 -isForBrowser -prefsHandle 13192 -prefMapHandle 13292 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6f1b8683-56a6-4acc-a546-c1e8a25c926a} 5544 "\\.\pipe\gecko-crash-server-pipe.5544" tab
3⤵
PID:7328

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=13500 -childID 47 -isForBrowser -prefsHandle 13576 -prefMapHandle 13572 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d4e67e1f-c62f-478e-9750-8465b723f6ca} 5544 "\\.\pipe\gecko-crash-server-pipe.5544" tab
3⤵
PID:7160

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=13712 -childID 48 -isForBrowser -prefsHandle 13372 -prefMapHandle 13460 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2255fd5f-26e9-44da-94f1-172da2599548} 5544 "\\.\pipe\gecko-crash-server-pipe.5544" tab
3⤵
PID:7448

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=13892 -childID 49 -isForBrowser -prefsHandle 13904 -prefMapHandle 13848 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bf20a84e-3837-462f-9982-813a42082f3a} 5544 "\\.\pipe\gecko-crash-server-pipe.5544" tab
3⤵
PID:8220

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=14052 -childID 50 -isForBrowser -prefsHandle 14060 -prefMapHandle 14064 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {05cb7d7d-0318-4187-a975-78dc245444dc} 5544 "\\.\pipe\gecko-crash-server-pipe.5544" tab
3⤵
PID:7316

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=14268 -childID 51 -isForBrowser -prefsHandle 14276 -prefMapHandle 14284 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b0136688-1be1-4794-9477-e6326082fb17} 5544 "\\.\pipe\gecko-crash-server-pipe.5544" tab
3⤵
PID:7588

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=14452 -childID 52 -isForBrowser -prefsHandle 14532 -prefMapHandle 14528 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {60267200-e54f-4345-8da5-4d97c7f5f26e} 5544 "\\.\pipe\gecko-crash-server-pipe.5544" tab
3⤵
PID:7456

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=14644 -childID 53 -isForBrowser -prefsHandle 14724 -prefMapHandle 14720 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {00b40453-8f9b-4575-8419-cd3acbcf202b} 5544 "\\.\pipe\gecko-crash-server-pipe.5544" tab
3⤵
PID:8212

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=14848 -childID 54 -isForBrowser -prefsHandle 14924 -prefMapHandle 14920 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6c159c3e-9755-40b9-acaf-7063d7b74839} 5544 "\\.\pipe\gecko-crash-server-pipe.5544" tab
3⤵
PID:8276

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=15112 -childID 55 -isForBrowser -prefsHandle 15032 -prefMapHandle 15040 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e5846fd4-3331-4721-8bc4-d6a8dbf242d3} 5544 "\\.\pipe\gecko-crash-server-pipe.5544" tab
3⤵
PID:8500

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=15232 -childID 56 -isForBrowser -prefsHandle 15308 -prefMapHandle 15304 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {91ab30f9-e7e8-4c88-9183-5acde1646ac1} 5544 "\\.\pipe\gecko-crash-server-pipe.5544" tab
3⤵
PID:8348

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=15404 -childID 57 -isForBrowser -prefsHandle 15412 -prefMapHandle 15416 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9007e9e0-1f2e-4b3f-8797-f65e032e9d61} 5544 "\\.\pipe\gecko-crash-server-pipe.5544" tab
3⤵
PID:8372

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=15684 -childID 58 -isForBrowser -prefsHandle 15604 -prefMapHandle 15608 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {084cd6be-29ba-4fb1-9c37-9ad7b32b3ce4} 5544 "\\.\pipe\gecko-crash-server-pipe.5544" tab
3⤵
PID:8392

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=15388 -childID 59 -isForBrowser -prefsHandle 15824 -prefMapHandle 15832 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9d94bfd6-49e1-4d47-a310-947fedd72b00} 5544 "\\.\pipe\gecko-crash-server-pipe.5544" tab
3⤵
PID:8408

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=16004 -childID 60 -isForBrowser -prefsHandle 16080 -prefMapHandle 16076 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2393a0f2-9d82-4e22-ade7-3ad329b2edc6} 5544 "\\.\pipe\gecko-crash-server-pipe.5544" tab
3⤵
PID:8460

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=16196 -childID 61 -isForBrowser -prefsHandle 16272 -prefMapHandle 16268 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c154cca4-8341-4b79-8b97-e1c276f09577} 5544 "\\.\pipe\gecko-crash-server-pipe.5544" tab
3⤵
PID:8572

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=16168 -childID 62 -isForBrowser -prefsHandle 16156 -prefMapHandle 15984 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f2c5ff41-aa74-44fb-9b7e-38c0e2a0e906} 5544 "\\.\pipe\gecko-crash-server-pipe.5544" tab
3⤵
PID:8476

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=16568 -childID 63 -isForBrowser -prefsHandle 16572 -prefMapHandle 16576 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {888b33be-5bca-43ed-baf6-7f1fcfe2c3d4} 5544 "\\.\pipe\gecko-crash-server-pipe.5544" tab
3⤵
PID:8508

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=16752 -childID 64 -isForBrowser -prefsHandle 16760 -prefMapHandle 16764 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fecb880a-8646-4d41-9dd9-75a8a9092567} 5544 "\\.\pipe\gecko-crash-server-pipe.5544" tab
3⤵
PID:8528

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=17044 -childID 65 -isForBrowser -prefsHandle 17036 -prefMapHandle 17032 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b3b23138-0535-4a3a-82d8-27fc91594ae4} 5544 "\\.\pipe\gecko-crash-server-pipe.5544" tab
3⤵
PID:8552

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=16948 -childID 66 -isForBrowser -prefsHandle 17176 -prefMapHandle 17180 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {86a248a0-8334-4d6c-9a39-0852774d2e74} 5544 "\\.\pipe\gecko-crash-server-pipe.5544" tab
3⤵
PID:7752

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=17328 -childID 67 -isForBrowser -prefsHandle 17336 -prefMapHandle 17340 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {14577a75-7d1c-4fc0-9702-b09a34025769} 5544 "\\.\pipe\gecko-crash-server-pipe.5544" tab
3⤵
PID:8740

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=17524 -childID 68 -isForBrowser -prefsHandle 17532 -prefMapHandle 17536 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d0c46909-9157-4244-95f8-158e4329a904} 5544 "\\.\pipe\gecko-crash-server-pipe.5544" tab
3⤵
PID:8208

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=17812 -childID 69 -isForBrowser -prefsHandle 17732 -prefMapHandle 17740 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c189fca3-21b0-4f4d-ba7f-821a364599d8} 5544 "\\.\pipe\gecko-crash-server-pipe.5544" tab
3⤵
PID:8564

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:9284

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:10808

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xe0,0x10c,0x7ffd43d63cb8,0x7ffd43d63cc8,0x7ffd43d63cd8
2⤵
PID:10996

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,3906887914538526104,1776439824547593095,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1952 /prefetch:2
2⤵
PID:10504

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,3906887914538526104,1776439824547593095,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:10512

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,3906887914538526104,1776439824547593095,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2492 /prefetch:8
2⤵
PID:10860

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3906887914538526104,1776439824547593095,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
2⤵
PID:9152

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3906887914538526104,1776439824547593095,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
2⤵
PID:3388

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3906887914538526104,1776439824547593095,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4444 /prefetch:1
2⤵
PID:8800

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3906887914538526104,1776439824547593095,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1
2⤵
PID:5908

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3906887914538526104,1776439824547593095,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
2⤵
PID:10072

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3906887914538526104,1776439824547593095,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
2⤵
PID:7852

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,3906887914538526104,1776439824547593095,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:10264

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3906887914538526104,1776439824547593095,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
2⤵
PID:12608

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,3906887914538526104,1776439824547593095,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4880 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:11144

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3906887914538526104,1776439824547593095,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2480 /prefetch:1
2⤵
PID:11852

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3906887914538526104,1776439824547593095,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1244 /prefetch:1
2⤵
PID:8420

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1908,3906887914538526104,1776439824547593095,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4784 /prefetch:8
2⤵
PID:12356

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1908,3906887914538526104,1776439824547593095,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5472 /prefetch:8
2⤵
PID:8360

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3906887914538526104,1776439824547593095,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2932 /prefetch:1
2⤵
PID:11580

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3906887914538526104,1776439824547593095,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
2⤵
PID:3076

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3906887914538526104,1776439824547593095,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
2⤵
PID:10392

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3906887914538526104,1776439824547593095,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
2⤵
PID:8564

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1908,3906887914538526104,1776439824547593095,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5760 /prefetch:8
2⤵
PID:11196

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,3906887914538526104,1776439824547593095,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5020 /prefetch:2
2⤵
PID:11828

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3906887914538526104,1776439824547593095,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
2⤵
PID:9532

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3906887914538526104,1776439824547593095,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
2⤵
PID:12752

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3906887914538526104,1776439824547593095,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
2⤵
PID:8060

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3906887914538526104,1776439824547593095,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6932 /prefetch:1
2⤵
PID:11440

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3906887914538526104,1776439824547593095,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1
2⤵
PID:11768

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3906887914538526104,1776439824547593095,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6816 /prefetch:1
2⤵
PID:13048

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3906887914538526104,1776439824547593095,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
2⤵
PID:10780

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1908,3906887914538526104,1776439824547593095,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7236 /prefetch:8
2⤵
PID:6164

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1908,3906887914538526104,1776439824547593095,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6904 /prefetch:8
2⤵
PID:2484

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe"
2⤵
PID:4288

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
3⤵
PID:4360

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
3⤵
PID:3748

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
3⤵
PID:1360

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
3⤵
PID:2780

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
3⤵
PID:3384

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /main
3⤵
PID:3292

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" \note.txt
4⤵
PID:400

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:7536

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:11492

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:12764

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

System Services

T1569

Service Execution

T1569.002

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Browser Information Discovery

T1217

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMNetFltM.inf
Filesize
2KB

MD5
e87981c99ff763113ca116a3ad696027

SHA1
f8ad4145189c6afc08fbf5429a6da96aa1d34840

SHA256
4364c725e14a761776b123c92cc492c0404393cfa7960ffa173a54961774cdce

SHA512
4566c22c9c759cc5acd69846fc910760b68faf5aa4573d3f01c328d2bcd24d3cf735215682737752c22e3ebe11e6ff5e49ef8504fc72b1523bf995ac223cd8f5

Download Submit
C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMVMM.dll
Filesize
3.5MB

MD5
0d7e37cfc49b2a947b37ed18967fddc1

SHA1
134a6b26de675f999a8fdd0f2ee757c8338b5358

SHA256
55eee5d11d82a19e7f7cef79223cc5800535d45592b598954d4466f5c1367138

SHA512
0025a9bc8225c2079faac635d29e7d3e5dbf8d45724765a9055f7c74a97b791e51cf5f3290d118b6667473ae02903a2f3830d14caf69e670741e68ddf9cb53de

Download Submit
C:\Program Files\MuMuVMMVbox\Hypervisor\msvcr100.dll
Filesize
809KB

MD5
df3ca8d16bded6a54977b30e66864d33

SHA1
b7b9349b33230c5b80886f5c1f0a42848661c883

SHA256
1d1a1ae540ba132f998d60d3622f0297b6e86ae399332c3b47462d7c0f560a36

SHA512
951b2f67c2f2ef1cfcd4b43bd3ee0e486cdba7d04b4ea7259df0e4b3112e360aefb8dcd058becccacd99aca7f56d4f9bd211075bd16b28c2661d562e50b423f0

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMAuth.dll
Filesize
19KB

MD5
419874bf64461f173a2dcde30a9d068a

SHA1
0cedd525d703e5cd680570d79476ae5600cae796

SHA256
fc8b92180b01e3c0579a8ade48fe5c98aed818de0f93de16565905fe90b3d092

SHA512
b5389d13e36424b6d205334bff0c82de657463258aa8cced5cb5b6dcbac6b16c81339c8254fbed77d1f49896c8ae76ed05a05b6afe224abc34dd99cf744ce882

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMAuthSimple.dll
Filesize
28KB

MD5
271baf8cbf8282a9310a5026c2f42d03

SHA1
cafccdd75c95d06c9d4849b7009351a9459ec7a7

SHA256
4e61790ff8ea8279a003c0427d86248dc74643ceef14dd0bc6543ed008b960aa

SHA512
9a9469920d86b75f1a95817e8c3bab4bd4d17d3240b5837d7777859a947c5a0e4a3987f1b0c91c4366ca970acdbe81288b9e2cc170202a972b8394d6c7667bd7

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMBalloonCtrl.exe
Filesize
144KB

MD5
8a7994be6ea941296b492252de59cc74

SHA1
c5f3ef41482961a89f5649fa3a229fd334f2d268

SHA256
865e6e5f38e3bcefd5d06c4591208f2d555af5294829a4cfff55299ca230dcbd

SHA512
9d20c3dc2582ed252dac46e323c31e019fa8d1e7b8c777596b0e512b57edf5c755112adad2d0e0db0ba8e733a07bc6b895ee024293b1045bb359fc0b0c70ddaf

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMC.dll
Filesize
2.9MB

MD5
3aec0d63173a168c3867dc4b7702fc63

SHA1
0393c5621e5f6f4e7e148d2dc97f7edd6dc78e5f

SHA256
5736d65e53f1663c72eae70f9446e2aad37493dd59007a105733afe34238f202

SHA512
9e7cdd8d07e60962ebf3138225cc7be9fdfaaa333928bd3faf64ec2804ec730dc4935a2ceb9a213ba2055b5e177987727444f733420e9a629e3478fe65f9d769

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMCAPI.dll
Filesize
32KB

MD5
b94fedd54cfe88c84112cc31805faa68

SHA1
d8467b384573ae86861ef8f6ea905fbd838ae2fd

SHA256
cbfca3fe8d0cee14707ead3bb781cfcdb71af1378054d09cbe5bf6f3c9259cf4

SHA512
9a08e44af9f8ff000253cb3c8e801286203a99610b76b76d254d9b7ea1868aff653d9f73475fad93d83e5a5096624a2e044505ba7ea779244cd4b00a7c367eb5

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMDD.dll
Filesize
1.7MB

MD5
7d2a12509733e35ad5852e97d34e2f98

SHA1
a0a3f1302d0b3b547b6f41b6f9f3b107a208c80e

SHA256
9697fefe8185831374cd8bcc7d0c41ec5cfe40d0ba8a48929cbf8d0fac1e6721

SHA512
6bc07d62d8a03b29f9eeb5113fb30a42d176f215cfc111303a904a9fb4ec2c61d2ca61db4cb2cab80c54736a857b2113b217cfcdc1c5dab740c2a098f135a5e2

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMDD2.dll
Filesize
8.4MB

MD5
6fefd079dd81cb94834423426653e19b

SHA1
3d34874275480f30f8332c3d02ced07dfc78fede

SHA256
d8c3ca57a835272f29ada189c2c6425d513305d53042ccabed149dbccf828cf6

SHA512
3f6fff313816cb89f603012faaf93b7b6d080af70d8f82d1155530958bb16297a84ef23dc0f056d357ec28044a4866e09153e6335a5a3fe6acae3e619e328b22

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMDDR0.r0
Filesize
200KB

MD5
106dae22290adf78a229d6d3ced17d92

SHA1
816485b26e9624174fa4cecebdcbd0a46d38f8e6

SHA256
d6d4b05170c02ce95c536ae1a2cdd7d3b7a5b54aa14a2a4c4aeed599f92dbb32

SHA512
a2c870bbb13a1bc9c133e3613d84d108d8a5b940bf416f7c82398125f5661102e8a9f41c9e3aa7b4ac11d7bb9beca2d3c101139b962bb5d77a502f2bc9f16957

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMDDU.dll
Filesize
451KB

MD5
8498781afeeae6dbe42441472a43f9e1

SHA1
a45d908054e6777915c97c2a64a00fc384e302d6

SHA256
6d88fddd662a54924a979cdf1c3f072cbc3e2b12e3cf0a233009a78715435bf7

SHA512
78bf1e68eb7109d71cd28776b59d2b3f38024615942298d411b98486ed60bd01be2dfa9dab4734d54c4559f6affb348c1ec6fa82fa446b376e92241575b21597

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMDTrace.exe
Filesize
20KB

MD5
fbc3c4166043d110d30d388edf4b798d

SHA1
a330be676147deea2c8f96131ccf881880064b6d

SHA256
791c8d5f7c1e2db1d380ac284b784714e29037a245033058d15b285ab87504bd

SHA512
21f04df9d9ac65faac9d8f3a523ca20ecc4e5bb89e27e7db66501654e1b8d5e66119db0080077959ae41287541ef3764177c902e071a6a21325fd87d207e881d

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMDragAndDropSvc.dll
Filesize
45KB

MD5
371caf53098440e460fbd066ed7f7151

SHA1
4378dbb065a7a396d21746207e25f58863ca246d

SHA256
1e734e64d47242eb7ba4a6d128527cf5c7b4d32ad8640b5801921d579b626911

SHA512
01cb377c8d43647da58d089ae027d2f483606afd6686c4bd59e50a1b98bcd422ea833a3bc2cfdebc8f247c10ac3e4692f9ee887dc1fa2ea6de1596bc6077521e

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMDrv.cat
Filesize
11KB

MD5
4d215ca4b7e3cccedc021955f3d8e0dc

SHA1
34281419e17cec26a26a39d74408d80c3a7dce6e

SHA256
67635e38e615cc70f6f6754ecc2d7485914a73b80685e057590eb4f72c1b5441

SHA512
13cdc1f631fad080f4539a65a59d050c7e42fad545f3c190bee5a2ea1b3526df0790f3c8f423b73ca5ab3e71ccb40c603174ce31aee77d24702c77dee8ca1865

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMDrv.inf
Filesize
2KB

MD5
423a9e754c1d0067686b7dc1aeffa6b4

SHA1
a57450653e5d9c3126cebe754a1b7e4204044d06

SHA256
586128bd5dc9f67aa56f6b91d133e295c2a2cf3d3eab52672db8bba7cadf3ac2

SHA512
b31f468dfb55de5894962610b09218f49ad4be1148ea8aca9e5e3b5ca4592f0a0ce25d92464e9059e8b52354d3c7befed3db3e57428937b898a8eb492485b580

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMDrv.sys
Filesize
358KB

MD5
14e93c14b6d5d5d9db26275dfc987015

SHA1
0585447d1400fcd57b86280453915799de24c7c3

SHA256
cfb29a2e7e938f7f2ec0443d5cf25261468e54c616eb74272c43924bb32e806e

SHA512
41da4d14075c3b47c4228cf1ad964b7a943b59c8e851bd2c264d88e37a7a3f525c9ad15683e5b0f512854eb1088c1d398fef8217a7c420d239c5de12c940639e

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMGuestControlSvc.dll
Filesize
43KB

MD5
d0fe3592f2ca04d63045927a4befc420

SHA1
c831f6dbd84e13170a13a0c8506eca32f1bfd70a

SHA256
42812bbac82102947c8f09911ed612408b0d8d851339da493de021f15c488c58

SHA512
902b34937406d287b4453b78cdd4a2d4f92ff8cf526c03a58e7928d5e26afc5f1907f1d021168aa2f476db941b03dc18de36773d0939da910e922c8423c4e13f

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMGuestPropSvc.dll
Filesize
43KB

MD5
1a8e7698d6a8fe8bb8fbdc1bc03e5026

SHA1
43c16440a05bdba0bbeaa3dcf9c9e31563c75ef1

SHA256
c02694a3fe45084e7ef3749795b5fc3ed6f8515397ae78fc1a2ca5355457fce2

SHA512
7b46b522880dd5a60a7e41ecfbaf0a36c7e91ca8699147e151ab2d0b0c663f7598266e6bf8a6c35276ad61d2314419f214d13afc496f3b20cb21e0338306f547

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMHeadless.exe
Filesize
215KB

MD5
c1ed3cbf64043c49052768c658f081eb

SHA1
c809a1b955aaa13059f7a3c7a9ea70870c9cc217

SHA256
adc96ee91e917a7f5718a6a918327b3d081e289d097940c18da79d94036dbded

SHA512
947ed6e70046d99063788c56ab9b71ae6e144ba1929ec1910d02393acb132c5c4cd11304b4dfaace131f832770a06260d02c47b4aaba11e4666af30bf4ebfae3

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMHostChannel.dll
Filesize
27KB

MD5
a847a9e20ed786d5b5838adbd8d6cae8

SHA1
beff339b2df315764c14c1794b217dee62d669a3

SHA256
d7f250cd9f5066b37d48562d92a8315fb5e0b6512d205cedc1297772af0c86b4

SHA512
1446db9d00bd26f733b5fc0992343b4bcab8b7122bd3d36d1ea75835ea05eeee7c916c8a408150be8f52a60fdc33f882471dc408f05d3e2f43ca14234c047be8

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMInstallHelper.dll
Filesize
187KB

MD5
f4bbc0ff246a38ec930a455f995bd6f0

SHA1
4f44a3b8002245a8648784fc28a6ec54a0c20679

SHA256
1256e679cf2883bb44b4d4f6bfcc44cb332f3a802c396e787e2fbebe67a39dc1

SHA512
2bddea41502aaf6731e3e3c599190001fbb23604b952bd26dd67b9be7d5a3b17bbe85d1fdda42d78b103394f27c13710f7d49e3272606b2cda267fd31014635c

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMManage.exe
Filesize
1.3MB

MD5
a9e4af672f217ef535e9592f5dc971eb

SHA1
27670fb386427d240f91c8503b4f970cc1e6d078

SHA256
7d5b9212da761a3edc07a2ba5f1547f0662be06ae997465e8d5ccae28714e744

SHA512
2b48c4c52ff47d2373b5f3cfd5056595c3b7c7516e66eb3a8c40a5f5b20446fde9dd0440ea814c2817135b1e45a47d08e62539841803f2d1f7e9fbc52961fcd2

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMNetAdp.cat
Filesize
11KB

MD5
4c8e27b491df706887eedcf71be13759

SHA1
e5e11388cd871f54c8c5602deab7ef8392843064

SHA256
8d106e9f8e78d6890161ab12be359ca0e357ce6ad46d9bdc5d80af3448eb94f7

SHA512
e4ed33bd3adc12e62718d93e5d8c8c4fcb61079ff64d50df77014b6730ea2aac15fbca2abb664e19b84bc9d6bde5025a8f71274b7dd7f3e2e66ef07dd5ecc76f

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMNetAdp.inf
Filesize
3KB

MD5
92a337482c3995c561139ea8bd7c405b

SHA1
a164ab90cd6e1abedba0c54a96a450d94be4c93b

SHA256
898574b40ca3ab0ce278899e4e585d653eb5dc3a2ac7da57c904a0bf4b0cc014

SHA512
d46f8d7abdf445697303567845390b52a31f3c0e45e8aa357802e667bd4a0816555b3d841f19672adf69c2c31e3dd62e7e6d788d50d95172ac81f5781403a102

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMNetAdp.sys
Filesize
193KB

MD5
e38eaf43e944f9c03104283f105f5363

SHA1
166df8ae9d5e2d3039a5b9a96725c98e43c268c4

SHA256
e7c6793ec48fd075d74eed04933cd256720e4bc4609baa12eb201ef6c89b8108

SHA512
39170fa2c6649106202a45f4dba9800efe0c9e93035df7a59ded989f746cd2d1de971069ef6aae60d34dfbcc7c33b14756a619b430c0289c54439970cc454e7f

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMNetAdp6.cat
Filesize
11KB

MD5
5b06844dd324d3429d14220f8e03b100

SHA1
d3c29644571053595da3eb84543fb2965fde125a

SHA256
821841dbd1549bf444e8f5082da3feb75fee3f4feabf117b131058d252e5f68d

SHA512
a73a271ad633da89ffd112a9db387e9705edf30e03b18123abbc82671ea471c072be8a9ba81d1e4a7fd853138f64e265f1f01264a25b24a7118d7758b11d8db8

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMNetAdp6.inf
Filesize
3KB

MD5
a8cf4a14790dcc315d764fa481adb5ea

SHA1
98d562c329fdbbcae881a4ea7148e6b15544d753

SHA256
94bff036fd5caac9be2ce2b60695f5b881e06211d8fa3ac771a82974c6cbef79

SHA512
05e08c8293f9faff2cb65aa0b5172324ae0adc1c73469fef4c42ad252ca4ce068f564bdfffaf134f1f72f6671ed4acf27d44d0dae17f354ef1c9e6c7373e37b6

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMNetAdp6.sys
Filesize
226KB

MD5
4310bfff02dedf0d13d0b763300bdce2

SHA1
50aa2fbd794eba7a6018141eee510c139408d83f

SHA256
5150461b359ab6bd3be49edd77cd8ff429fb02d4e704155d794989f9b485aae9

SHA512
b181b835006ead6ddffe577a1089cef3b3f56475644433285d7274c6fd9e2bb4d2dd9e3bbced63a4e7778213aebeba5499ecb4aaf4dfc1751d895b862f4fa2f4

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMNetFlt.cat
Filesize
12KB

MD5
91bab7bfdb03f17ef945f26ba626fd47

SHA1
79d5b9f174562756ce4649148bf9ee4bd2829dad

SHA256
5fab6bfc10c7feb4ab015373ad1368a7b5e2391c3b971341481a995f72fc07cb

SHA512
e53cecbb9670ea918e1946419c40ef2fa3ebea1e067e66fc244a701721bdad108a102d6d7978d9741afc144d4a4540e1142f865ac9932709fe49b3e31419701d

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMNetFlt.inf
Filesize
3KB

MD5
e61b659c79361ee58dc58998e4cb6373

SHA1
d6e00c2002b23b7c4414319ebc435bbd404d3397

SHA256
1a15705f3aa1cbbf47c1b7fac1ea8a3e00e17958e6ad6b674be2bd7389a0dfbe

SHA512
6d7eec93f8dd10184707c2d0c343eca5caf9f0467bd7efc2b1e1bacd2b36389ebe062e3b8f6d5bea479f7fd0b1f27458923c6866cf6e322dd928473b1c72f669

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMNetFlt.sys
Filesize
205KB

MD5
0ac3c5231442f711d34748bc5d3144e3

SHA1
afcb04e915cbae553d82ae58d54c2531d144e395

SHA256
2457a0c4a3176277e7db80e406f1ddd46c669e01f3f741c6cf3403da31e2ad07

SHA512
7f94a88ceabd9ace0cd65cd49297b482f040ad31b5bbd34955b25f6aafce315cb6fac28fa0a1d61614d3eeae7cdf3bd63e4191d59f2d17267870294ad8a861fa

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMNetFltNobj.dll
Filesize
1.1MB

MD5
a3ef245f632306e11a5b64a2b97c9829

SHA1
d7dc4179114dfe5250c90267b67d82f2beaa9bf4

SHA256
a8de4f22825c5e406efbe4fdfdf63dcc967337848aa5d6a952abacac52bfaf4e

SHA512
2ebfa77be8475c8f0e60f5bdfa05e74c321e95537bd2e41ae4cafa2d5098bce8d68a3873897d8e26c8ff7758dc8fa11b87cbf2366a92ffad7d918d863af45a40

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMNetLwf.cat
Filesize
11KB

MD5
e1712d82f582f98c3a0e78e0d4651c2c

SHA1
6dd1fdf141151ec19916cbb52b6489589bc8d584

SHA256
7ef2dd59e21ca4845a9e09fb64b827cbf6e438e13091fc48ec649ae5fa69fb52

SHA512
0c780fc05b95dea9d1f542e842481f3d18d153a87121ad4cf026d001c8520251641005df7b93c8f17a512cee28cca95afa9ca0ebfa66808e11e19c2ea18c04c5

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMNetLwf.inf
Filesize
3KB

MD5
eeb987061c0c9fe0d0dc49532bc1d3d5

SHA1
ce2a9f432e29a78ddfdd20806cb5724d9e056c58

SHA256
bf673efdb64b7e81069eca5b0c50dfb7e6dbb3bb3295f5d034089cd16b528fef

SHA512
8703585843a33021f4bec2bf674702ca7f48a2fb6f8961539e256212c628660ac75edbf2fe9dae37f3d9267d1ab9451ba0e756307d6133f0875fa4f3898c0803

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMNetLwf.sys
Filesize
236KB

MD5
6c000ac4c46fd78b6599f8e45cc0ce7f

SHA1
c1d7e2809834e62326af0a46cf78f14eaac9dd2e

SHA256
05adb854983e9da8821eff5e50cca5a59ad0fa501966c269bd6e937f29d971da

SHA512
9d590138e97f72307fcf431a273f5af80409c9f2eb848b86b889cd1bab4f6a154719588b85093f244ca912d256584b65d7440dec900aab1160f5cd478435eb68

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMProxyStub.dll
Filesize
937KB

MD5
7e75f6671b3cdfabf1e74dc6e0521bdf

SHA1
da28f119b7707053abd8fe157edd9d7345ce4c63

SHA256
08ccef96995cb4c22ce30c865515198366cb466bb2ef98fe6b36aab39c331170

SHA512
ff7f2121e381b710c276185e952957f922767e7e225e5a934997bee2c2dc3eab8ab4f8f275c090e9ab7f259879d64bc26b2fa5560d3ccbdf948d8de8e340d6f9

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMProxyStubLegacy.dll
Filesize
634KB

MD5
a24d7cffa168b8f4a742f80f4f4ddfa0

SHA1
885f8f3160e9b6d5b9cc959a1be91ad78c9f6adb

SHA256
8147c429192980729beab4393b5486520cebc2dcb6b95274d55a196e95d12dc9

SHA512
74350a8937c1c46295bfd7b5ef96902a65de3e2d3bfcd482ffc9ba57a2c82998eb1044df81430038278b753c4b2c47b9ba839031da94a4490769d83741877972

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMRT.dll
Filesize
6.5MB

MD5
63e8381bf53c0416252d1a014a0d928b

SHA1
c4db51db0436b544226398800d71273d03c9680a

SHA256
c0ab581ffc2859b29588b70b841d2a008674ed673a0e1717a855b41738269f60

SHA512
813852361f6d4841b9c9fe7df4bf03d57e227fcd73cdf3c1e9ecf72df3e3a2632e0f8f7fda1241836aaa91f72ea03c90cff1a95dffe944b6fc868e685e0a9c2c

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMRes.dll
Filesize
694KB

MD5
02efb4ef8c50a1d60c657dd19e870abc

SHA1
547069afe3dd59d709cefd8ddecc5bfd32798d7e

SHA256
5831c6fabdb5ff49e965c25184228c08c4c51ba3d5b6b7174ac051b752828687

SHA512
26d35adeed6e81aadfd2e14d81feaf3100939ebeb8ac8983cfadeca1a9b3669e320292286fb07cf89808a027a1286c1bcdc5e8c0f23c8a2c301c3fd7d2fb2114

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMSVC.exe
Filesize
5.4MB

MD5
672417b44224f7c1ef624de683755c71

SHA1
d83a5b6d903b7c24ee0a458caeb7c3db80e52fa5

SHA256
66a38209fac0f41ad3d6781169faa77c2e384620221c74fa569af278f427eeae

SHA512
9b5cd5fa4fac913a3c333106b7fc375b2fb1041c3ebd78961ee92c164d415fb5e6479ee33e559a7c869a49d1ad75d4e32ae956d7e127c31d06eeaf56cd1d5d2a

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMSVGA3D.dll
Filesize
216KB

MD5
3165c64b85d9d21a6ff2db42ff09f3ce

SHA1
16e35150c56d9bb9338563662e0185ae76930c18

SHA256
aaaf64798fbbe4cc7362cd3cb4d1aaa55400ae60f406799800415fb36c8367d2

SHA512
1b29c47798f29062cab911a108e289a492d61dbcd019fbd42b7825ccf7720809d0b4f60e29a3bf60595e9b808154a6f61e4b7010174f770b7e208da86799146f

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMSharedClipboard.dll
Filesize
57KB

MD5
e9f78eeed4800371f7661e0cfd10a1d1

SHA1
23fb352f858cfc5ddec37565285c1dc4f35aad32

SHA256
5ab420b5b984105a5ada4bf8a5578dce6c3922bfcdfd1d5f15328ca31296e3e8

SHA512
4ad7c3713a42341a881cb7037266af6b86072b886f4808e8745715c86317374b3f271cb8f36bc532af2646b7a6b0c9f25b11766c4b585e5a8a95b1f3b9add698

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMSharedFolders.dll
Filesize
67KB

MD5
d617ae87e5ec1821e9cce9c55595e4f9

SHA1
f39cd6f1528ba80a08b6136a0423804b78ac3050

SHA256
60728396bfa0e5843855d4cc265411ca5ca3359cba2a76eae57afcb7b5967ed1

SHA512
5c950841bf205e520261253171d38ec97b2c9cef0bba73d58e6b905f1062d0efb5097fae963d6b5b7372cab865c7cdbdf89d6f5b354c50d4716c503ff8b2bc14

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMSupLib.dll
Filesize
16KB

MD5
b1d93f06d3ff479cdbba4e1c9a64f0e4

SHA1
9fd00492ed595e62e78e80b569e1c39cab9de1d3

SHA256
da0b8f8bc0c91b26477ae12d922a1bd9a16d2e40df36407c50f525e2ceaccb41

SHA512
f5471fd9051c055bc936154475f53c5caf538136f48ad593fa23159b1df31c74956afddd6064d56610789b672d12b2eeb8cd11abb91fd02fb74f8504cc90251e

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMVMMR0.inf
Filesize
1KB

MD5
9ef94bd0428340d94cec3ed921cc2eb4

SHA1
dd94165626d95ab1d351298843f77e9ca0ce0801

SHA256
023cf519b63b84224cb092be487568cac6a75e5da2acb394873dcd48d8747954

SHA512
161b31d7870f06b6fd6648f3106e9582825ab81d2279794ea08eef4ec947740b7c4b8a7b4f21e74dff0e2a654cdfcc9f1f1b5727a8c1abb952e31de3b796bc0e

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMVMMR0.r0
Filesize
1.5MB

MD5
3fba4bc28fcf269cae647d13a3b4cbe3

SHA1
47eb1f7dfbbee99200ac47bc9d5cce17fdd78e62

SHA256
d33aa386475bd529f8c3c9edf9449e9b51b71d8a84515390e405bb246bd57807

SHA512
5ac2042ae175938754ec9918014ea546bd70cea8ee2b9670360b9e4043982bfb103d3fcc6d5c811076fa52205532d5b00e3e6e8923144e4bfb37bb852e8bd041

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\NetAdp6Install.exe
Filesize
109KB

MD5
23fcfa8100447716302f10678ec252e6

SHA1
910024cb56024a6c79465f82f55080e906210228

SHA256
e50bef29a5761e459f7a121aca4bd0c953005f501de7cddc35d681434bd2a13e

SHA512
8fe1a51c56fb349bad342c3cb353912b83327f5c51ca4545a1263b4b2af2228f127334837f095ed703cf0e46b5c72fef37ba35a9f2b862c0fd12defee8f36604

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\NetAdp6Uninstall.exe
Filesize
97KB

MD5
2cf6860fbdd36126ae62cd6b9a68e082

SHA1
0d6de2281c2f83ea206d6a6259e46f980033b3cc

SHA256
0d2e390ba3aa9f706ae4d5cd5ddab06adc8da485df30098c4fbe5b9b03abce19

SHA512
f48dd46a257cf219a0d79ec49d5622763e7db714c87b0f3c659b8e0528b1bda7cb4192f763fa6edead72fee3cd8488c004f8dad33d0048d7873b7756ab0b046c

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\NetAdpInstall.exe
Filesize
109KB

MD5
0c7331875db82690b86948c1fb8eac1d

SHA1
fb2e8cd541c721ef656013b2ae122f440902043e

SHA256
2eb76a57e7546b60b800c38cc340e84210317e16fb2c7329d09bc23deef90885

SHA512
0b27c225c9139351c5dcaeac07e7ae0982bfe340ac6f7efe455807ee242107a7ecd3f2c86a9fe9426ab41913721b3c227d2a226c99ea48792fc887444e733bc2

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\NetAdpUninstall.exe
Filesize
97KB

MD5
281bd3e5c84d35301ec837b59c503e5e

SHA1
4fd001158a33b77f15001549db38e4398de9336e

SHA256
10f55e5725a7044e9120403db8284eac76c05f485a6cbb5dbde10d2a616b88de

SHA512
47d02e1ef91d4bbd1d67ce1ee68d61efb29364b9b9066963cfecc423652e7fbdf06e475572f0f46f367e0c23ae0d01fe2dcaf907e84a822822842d3440846ca5

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\NetFltInstall.exe
Filesize
101KB

MD5
da3e3159116e69f1f542892bd1e2ac3e

SHA1
e48bbf9de386f2d067a29edec9332ef000e683e8

SHA256
7a035ad151ef512f54cb4bf8c9bc8fb28e4ba09dc6035887a118aacf4fa50e6f

SHA512
4c514ca647283c1d2ffb5b28ef30c0cb701655a8edd3b9b5866aa7fd2a4e0e30012010794b451cfa8d2a00d7c1e0119cc627df93ec557fb0020d43ed0e4f1614

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\NetFltUninstall.exe
Filesize
96KB

MD5
d7f6a5f24ca0d92d26075a002875832a

SHA1
64a27dbbfe27f4867ff8c0fa2f0aa5a3f1968b2b

SHA256
d4f5d26bafa4c3e3c466fc9395be81eff8670cf00a01bacd3f5bd8c22eb460c6

SHA512
f0566e17920021feb18758302be8c3dcd3a02dd2f5f6402888b84daf6f86a668f8d692c8b448ddc275f92961a1abba7383591e2f77ef713447e498b9d7eed0ac

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\NetLwfInstall.exe
Filesize
102KB

MD5
0642ecf0ed6dca6938ebed269a3094c4

SHA1
ccd17c3e6e0eda4a701c5a8f25df50c948fc16e0

SHA256
d37b9ee12110b1fe757990b8f9fc7e4fe9350c4d26e52671de6c55203f629fff

SHA512
6e975d77e8766e686861cc6fc9fab195ecb172d4d4ded1ae02b962a285a8a5e9ed4abf46b04777582b2f6224f362db2c035329c78a9579c4f36fd8593afa0a6f

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\NetLwfUninstall.exe
Filesize
96KB

MD5
c1daa5ef4cbcdf5d4433a3b0e9825c6c

SHA1
2c5abc45abc8a58ab66528d666c2be2e7d22f294

SHA256
ec2c0a9e11a9072985132004c9962bc528269d7a92bd11d105b529e1d6e03e8b

SHA512
ffc650aeb4c57e0e32020cfacc1845813d147cdc5c5fb76fc66fd7f7debffada389ea949f31e70a64d94c4d4d97d9ca2abf45345470bc6c9611a41d746e7f3b3

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\SUPInstall.exe
Filesize
17KB

MD5
e33988294e3bf2912a26b9f9192e7580

SHA1
66ffa50a155fc6cedc1774b8720ee603045a38a3

SHA256
f6786abfcafc774f6c70dc85ff702c7779cc08c5e7bcc088bebf71b4ef46d58f

SHA512
f3554a30480a2dc8981e86cb6bc32d64311a879d2e9cb922144e7c9dd471138673cfd1348d1d3295b48238cc5931c785cc02b6a4bab1e13b6e15719375e522de

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\SUPUninstall.exe
Filesize
17KB

MD5
5406b2c9bf3b15691375fb30d1c333cf

SHA1
c4968cd87617fb577c6f136be47b53e9dfd7d324

SHA256
c7eccba4a31e43d4b20a360c7858ed7eb12a6252202487b141422b25eb268fde

SHA512
a37cc0750b2a1094b16fbf118a6dcc8745f6b0390c8286540868a77e98eeb17181f67a57c96767e89520d118381d50429f05b082bf509a9b763c7d16de0b5a66

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\VBoxEFI32.fd
Filesize
4.0MB

MD5
26b623e43df7cae3bd321164407c3e35

SHA1
64ec6d9498e488d85a9161dda25ddcad7fe61e9d

SHA256
0ebd5e6f19f87499719bfdd5827444667eba1a43b35a584052886bca72ef99dc

SHA512
c8e586c0bb46ba3fad49e57da85d0228f716094e31e216b82d3ef94a438f3254227466c0beb2903e51ff5c3a3cbbc9551f0f7097e2b1d2845f34988d76fac16d

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\comregister.cmd
Filesize
7KB

MD5
4c0c8a2aee978f63ff9c9bb91eaa98ef

SHA1
784043ee7acbedfa92ede9c6aface266e6ab0606

SHA256
dcddc8c892e73bdb7e3a05d3d7e5ff8cf193ec1e27497a3c0bf5641dc542ccbc

SHA512
cb22df98ec3e32d315e19bb139e08354c30fd64bb7ae11fd86633c042e9128dea0be1af275a9438f90114d1013d6e662327c3add7ef60797aacfd0e22c83bc62

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\libAccelerator.dll
Filesize
168KB

MD5
8041ed0f7b41a89d6aa0fae432ba9316

SHA1
4c30b8a9647cd06a7c3c6d883e1dd9ccbd7f716d

SHA256
5a5f25c1d17557c9cd8740967f2c8de8b23d1caff2011043cf61e4b59cabb9ee

SHA512
3b3295605cd2d043ea6ebb0e0489f2225d85e2915a1f15e1f8b5424fd7140828f3e342a65c42aa5ca243ba3f10e1e27ecb5e16865484e407fcfce9aa8b96485f

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\load.cmd
Filesize
4KB

MD5
cc59f91feffd99c115c0a903cff28168

SHA1
e83df545f5d390d0b7210f7aac0d4ef37e00f0f2

SHA256
25bd2bd5472fb2097f2e79e66ffc3bb6aa3d2f974bf9b43d08045f09928a2efc

SHA512
46369b7866fd4215620806a7c12938865bf7416447ccd3fc15cfc6f3905bc4ac07a162b015586183e3c35ff17b607ba963f6ade3de81f15401e2d6d3418756d8

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\loadall.cmd
Filesize
5KB

MD5
571b20f2505a377eea3b6a2bcb2a31f9

SHA1
6240b4fb57d2844fc7a5bade5096f096617a86b7

SHA256
13f7090c7200549b7853e929931ccff1ba29e3497286d37866c14232f1048c8d

SHA512
930b966ce36d21014bfce9e117af38718ad0a0ea1b49bc1fedc6136ff71b043107cb07d8a879e3588dd64f45c2181fa7db6261363d80f5bb31144fda673d34d2

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\msvcp100.dll
Filesize
593KB

MD5
4f096d96285e06cd51aef7d2d3de04da

SHA1
c90ef0eb5b1a0b1b85ad6792291747fb6307dcdb

SHA256
5bb420fbe28315f2117376052bb8488ce84a3398dda65005b8ae1f792017e9a8

SHA512
80f558c50a71ad9c4930b3838b481e4fb453c38d57c91f7f70c1f86e4043b9a4fbcec27d7c025285504cbf3bde7c50b4770f18121d7818ac58e2ee9c2071f97c

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\mumuvmmvmmr0.cat
Filesize
12KB

MD5
d554aec99709b5e977ac72b2e4cf31d8

SHA1
d12dc22ad13349970effd971c77f9d5a165ce2eb

SHA256
6f0ce3c8c3f125d56e6f6c19afc88d38c4679475c720afc1224ab29b8cfb451f

SHA512
4a441d764792e23d8749b2eec563a66d2a4fdb6c61e195fd76095aefde1b1806f7b5699080c0539df4081f0d15c53e8dd5eba76171abb9661b85a7004bb47038

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\tools\my_upload_md5.exe
Filesize
735KB

MD5
ece6882c94aaeab536fc8a168d744e04

SHA1
9ac8a75b32c9f846231994ef43b2bc8e7bad44d9

SHA256
ab96dd5cc65c4bb1b827561496af5712722441cfd9fb3418847e274e7c114798

SHA512
b6b1a8bb1e3877e2280e9ef6164626da2b580e1e9471294898a1bf27e231560fd3540ce8821759a0dcc7b6680eca81500152d666492c1ff7fc9cdc8bd33080ae

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\tools\ucrtbase.dll
Filesize
969KB

MD5
aeea6662f0f7819a077b99441c36178c

SHA1
c3a2ec7fd791235b8b1f2371e94f25a1670f7d00

SHA256
cd48756e96740f84a2aacd6c308997a4a36a953cd77f50cb54c27915a5c5c302

SHA512
b4b3c42e716fffe98f1c65bd2b0f522725ab8b43a7739c0a925b850fc0601e77cdc1e2071813229477d129caa73813ef6eb5c4c806d1c48c90332c429365d639

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\tools\vcruntime140.dll
Filesize
83KB

MD5
0c583614eb8ffb4c8c2d9e9880220f1d

SHA1
0b7fca03a971a0d3b0776698b51f62bca5043e4d

SHA256
6cadb4fef773c23b511acc8b715a084815c6e41dd8c694bc70090a97b3b03fb9

SHA512
79bbf50e38e358e492f24fe0923824d02f4b831336dae9572540af1ae7df162457d08de13e720f180309d537667bc1b108bdd782af84356562cca44d3e9e3b64

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\tools\vcruntime140_1.dll
Filesize
43KB

MD5
3b22b2ec303b0721827dd768c87df6ed

SHA1
86f8af095cf7368ccbff2d0fd6d33586145acd2b

SHA256
3b792da47040c3b3e0804cdc5153eef4e802b6975963029d8dc360cb824a7b62

SHA512
79db774980ee132797f7e7dbc0e055b724d8fbf0e4917523b285f918730adfff81022cc6f5e15469b011d55501fd7b085bc070e9ecdfb75c05f4d6622a7f2475

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\vaddress\0.0.63.0\VAddressDevice.dll
Filesize
67KB

MD5
8c7fa231e13b7b380f8d2b456bfbedb8

SHA1
66e153f427c44c90ef1e59e92723e95a99f75e8b

SHA256
310e5d67c32429145f05e82848fec26176fd1c50d01418a784669c32eb0288c5

SHA512
a62156e2f6db5b5efcaaa17d30233c167bf6b062d6410636d99e56fd0361d936ff3fcb8b80726165dda7bac0f7eb3b178dd604614a380addd1ba7be508e2e4dd

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\vaddress\0.0.69.0\VAddressDevice.dll
Filesize
67KB

MD5
5396238bbc8c218e819f6715b20e6031

SHA1
55ab28093742e28424688799729bc46d60a95a4c

SHA256
33236aa3dcaa4714e0e663799a3fac83593c8afb6e164c1c1c2fa3176a95b15f

SHA512
54df0b2dc50a26c1597932e2362c7c3c92afe83c262a8fea7221c15a3f77caa55897d34c675370eb9b7b955cf2398d26c1bfec4d3e0484b0606b57a4cf0f9c1b

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\vaddress\0.0.86.0\VAddressDevice.dll
Filesize
69KB

MD5
e618cb77d4bb5f61a88fdb91303a2c1e

SHA1
df3f87309db42eb084b46ac963e1c7d69eba8a78

SHA256
55fd58e38c0a9e2f60b5c03750d45ecf0b1b7b873b84a531c224e4bcaa4bd064

SHA512
5acd329ead414008cc670303f404ddfa68abb67dc6f4211d932bd74f7ccbf36e138caaef1ea35b783be5eb11d2efe2c33fb0088aff8036c3fa738db9f5c62020

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\vaddress\0.0.92.0\VAddressDevice.dll
Filesize
80KB

MD5
c452f408b06cf88692c03ba5c534bd76

SHA1
8b3c315e115ba8ffbeecc7878a3034cefe65b5a3

SHA256
bc2f9fa16c1899e8d92a5d3a3f7dfbdbb9a1fc124e252259f2d86f207c2b09d4

SHA512
3ba6e6ffe15a3db3c9a5531a6572de75e428f0608a8b8abbea8e1c3e84bd6a278524b818e9b2351d2cf10094d881696e8051272ad0bd741c893efe31b62f6ae2

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\vaddress\0.0.94.0\VAddressDevice.dll
Filesize
80KB

MD5
d1b49099704f416236c17d028c2a601c

SHA1
b7b04f381dab7838e7d42d5716652debe287ade7

SHA256
1baa6c717e0b402a75872210e878749d021e6b354d21cb94e59012d2f19a9b32

SHA512
c98a3b8e4294240f556603bfb79fc06a92a436629c84284b7beed0999296469e4315ddab04ea0e76cca22a40641272dd53a88d5d0f2570aedd11c0dbb589dae6

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\vbox-img.exe
Filesize
2.7MB

MD5
258a8fdbfd2097c1eaf174544c40b193

SHA1
80c0565244c49b9c2ac69e72e72e2bb23e625fb8

SHA256
730ce3b17a58e26bdccafc9a929738e2f204bdc57281918d62cd9845531391a0

SHA512
c7e98caf9e0b5db6364a20bf6b518172524e4edaaaf3041ed00399cf57ac4474d95c0094596bc8b0447d88cc27c6c4d1995f2dc034535717fd86d755a0bf1f24

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\win7\MuMuVMMDDR0.r0
Filesize
189KB

MD5
f4ed8c30dd14afd80baf61af4f8aef5c

SHA1
e3d6f1480131e932c1473c6b1d4bec6ec6c2aaf1

SHA256
c65929b0e12123e079114fc67e6052e03de5934fb65429d637b6242fb021c5b3

SHA512
922862e372048f29d4eb39c0a2e5fc921e6643e454825f476cfb98780b3d02181b91a9b6f5590d5f4206d7de391aeb6e5e3b72a8a9ca321b77bfc10d9040a3e8

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\win7\MuMuVMMDrv.inf
Filesize
2KB

MD5
2741226667bdcd9e759f536756f56eda

SHA1
cf437c8a63ce26b0e2a573409c976fa1f7c629c1

SHA256
82606488633ca10859a8a80d00be705a08509b35a9c02aef8b3dc70335bdaa93

SHA512
774699f466a423eb24c1d3b5ed45f49e2eac8f931fc7ca825d14a10a19402e3fd95ebdb5c7c2cfee6a4aa6219ffc157c09a222512fb7b3cef888756c1c12c810

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\win7\MuMuVMMDrv.sys
Filesize
364KB

MD5
55879de9dca1782537ae1064b2760007

SHA1
f5ad275c3ed5bd8baa829edfe008b626e49f42b4

SHA256
a9bb3be7ce97d0f4ecb78788ffbff7379ab0f7548715049b59a587ded1e8dfb7

SHA512
d8efac11593638fb2baadc7d173113601d3da3aa30efa0af3d295e8f814642bfe81cee7bbece2426ccccda48ecf1969f9de04fb54b44f185ff2f9f740178eb98

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\win7\MuMuVMMNetAdp6.inf
Filesize
3KB

MD5
127d117df95f3a294b254f65ca929340

SHA1
49f365425911dcfb17ce8f08aa156a66878f0e4b

SHA256
6421fe11bfd94be2a659b4a39483dd71d0c983de9d26caeb22ce92d0d224f39f

SHA512
13e9ee1496af276ae37e8dc236a48109e06b0b044fe05d88415939d3a1db0076a0c95cd7c88e715ac4df01603dd3808a6bf21ccf1ab19895b782b2f91f32f08f

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\win7\MuMuVMMNetAdp6.sys
Filesize
231KB

MD5
565d6d7e77d6fd5be5ef21fa8188a652

SHA1
02bbb60161ac4da75ced5257633b52462baeb908

SHA256
8517e15ed543bc12a940b03ac5da50c63af1173813640bb1569ec62e45073584

SHA512
7f4763249278e8c89559d0b32646ced82107b440a9819cf9ba967a0cc749114f02f45ce393ab89a07bdc89d6febe047304d5d2e85fa8ebf48cacde814e3dd2f1

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\win7\MuMuVMMNetLwf.inf
Filesize
3KB

MD5
d284b3ebd57e803451aee5aa7d07d496

SHA1
4cf6e3f2984fadbd2fe71c6a0d403b2e5c2cc759

SHA256
f2eb223b9f3eb6383bbbfea0b195f3672e8492041d8bfe89505f2f3cc7d462bc

SHA512
c11de75732b67fa2bbb695e60c0c7f75a52cabad86c58d72a05b4f6fca56bb886bf9451f6ef5abcb91c3e65f195176c45eff15846ccc60e7f782fe725685b5ee

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\win7\MuMuVMMNetLwf.sys
Filesize
241KB

MD5
a8071a473dcf9147820fa684fe725ac9

SHA1
33bffd62c5555692d3d314ba211b40414f5f580a

SHA256
f377895a45410c5585c27ffb7a44b68b1002985f0c03f562b4b21ff6399f8eca

SHA512
436af1b9bef2cadfd1ece3215cae1662217f4f2e5a299f4773db6748c6e26a78c3957a2e314c4faa22b930b08b811210b25e176f3a985ec0d9322d66077d4250

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\win7\MuMuVMMVMMR0.inf
Filesize
1KB

MD5
3a31f44dff80797d944dc1c76abc306c

SHA1
02a336a7614ec019a65a90c971c648c34c814e66

SHA256
f39e3b98a17d4d946879284466a27ec946a07bf869f59ffecbb38451d81337d1

SHA512
1e3382d8bb6f99d96ac9272d9aaac5012fcb31e83a072d22cb4b8965c8c636ccefd31f61e51ac6b8fa79b7fd70038fc259dd45d22b9bbb267f8f17c9b66472cc

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\win7\MuMuVMMVMMR0.r0
Filesize
1.5MB

MD5
a5c0e348e7cc0e4cc570aacf9ffcaf29

SHA1
446506fde338687fcc91b176361b51b0a8133045

SHA256
3ae59d3eacd1f837d3163817731820b93139846021aa8aa7220060d174d6cecd

SHA512
966f4100f17bb3a89f650c30f979f15023105f1db2f840a03b31bf53ba5188ff5994baf110e489060b858296b49d620551111695127da8d0ff34360a58c65822

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\win7\mumuvmmdrv.cat
Filesize
10KB

MD5
838ca6cdba04a33267a12f9af842154c

SHA1
a85f476eec0f129676a5552e8984fe9ace437118

SHA256
f10c1616e67f2f9d4ccc15e59ee3df8e6413129f6905db6aa84d9ffe7e7fe662

SHA512
3c522db4d5e835d8fd342ce65f0ec876b3e20dff1c9fd7044b04cf1a0f7fa9c7b8766bbbc8ca71a25c64a7e3ffdbc8a04c7b110494ec440806961439b5b9ae34

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\win7\mumuvmmnetadp6.cat
Filesize
10KB

MD5
cab436e5abe7f446f8848dea729679e1

SHA1
6c6175df099341fdd9a67cce631e2fe55fb1dc2c

SHA256
ff9525380df941cb1bd07fd72f27882db4b96699d9b785e4c3078b3cbd6ae618

SHA512
15b3c72e20e3c1dd1f184e6bd6b8541efc798e7d57878bcab44bcd46f8d30593faf83596d5d1e0862558cfd316d5f1967be912056efd0582521548e9c963a9bb

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\win7\mumuvmmnetlwf.cat
Filesize
10KB

MD5
6744dc4f16200c37a96cc3a0e5556285

SHA1
e338196e4af4d5a19b42a2a03cb98447625673d2

SHA256
5aa222dfd3ab9f7316c1c39441946973ab801c00763375a90cf7532b592c4086

SHA512
ba89277be0f910184f0a72a1b0f1d7aae2e540775e86d48f42ab9074e58b7ff6c3b2cf4c717d3d1923f7ff10886a76bf926ebd6189872c6c3fca799fb74b0213

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\win7\mumuvmmvmmr0.cat
Filesize
11KB

MD5
2e23d6718ce96dbfc1be7382fead6ced

SHA1
09b89d917222114b82ac1c3476ee31e01c33842d

SHA256
0885d7ea48192a21d5f37597315c961f6f6a569a4c79080c3229e3c443239efa

SHA512
54f8737e7d3139b654860ae0aed9ec28d5c2049b1e76bff244f8524196c4516023a7cf69b03e4151106eba7145f7c8ad5ae5c2cd62d96cf959e97071aa1b85d9

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\Controls.2\designer\RadioDelegateSpecifics.qml
Filesize
2KB

MD5
5435f060331a523b9e5db9c9957756aa

SHA1
e0f07b59a0ac83b7cea1716cdae4a59aeafa396b

SHA256
91d7772e4a193e91a093d59451508cdb89448eaffb4febda26789777afbacf3d

SHA512
536e731672c1348222490d39099712c7bbcbf8d0c6be5d0f3517c10feb1b47d7942c18703e18c28f36774546a41f18d61fa8096e022a82947d43b11a2641d187

Download Submit
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\Controls.2\designer\SwitchSpecifics.qml
Filesize
2KB

MD5
e6dd3db4f8a582e30f07b77e801428f0

SHA1
d207e34278440fc9b47c6480a47fef13870ffff6

SHA256
a3fff66cd7217029792e7fce403cc658b0ea03b2d3a2860f57479c8ea6bc1372

SHA512
f58e27d7f36e05cb1d6277629ee2e3cc239b2ba73a75d1399a048191e4443dbb1360922b2cc0d36c3a19b04fcdb64f5dbbd0a838736dca658b9caf856031c5ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
dfd0fa491f13978c70e2e06a3b41fb09

SHA1
9b48f4d3f113a02d0c0bfb8bc5f3207177a127a8

SHA256
7de373f94cac016673e89ab6ac8360c48b4e26c9d0ea3777ae270e9f033712e5

SHA512
a9608a98355382318097314dbdfb617ff304b0f7f27436138ae9960f26f51c6e3dea3d812e53a7b2655840dad603b507b20829797c872c71eadf3d9faee1d1e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
356B

MD5
bff90ee442ca805ba0d2d57b0513b47f

SHA1
6955c7d51e63b57d727656390ffeb49034435aed

SHA256
05ecf6b9a1779000e9687854459aa9001544afbdfef6c642a52b24ccf4d0ec10

SHA512
934c9007703a2de9bcc6a0211db6b41d3b335b16789850dc4874a52854248a3789231ddadaee4bb0ec62f0c9cb37f5635594ec9377b5bcac37dfe4be9cc2d1c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
6911ed908c46ef481a36a7162aa8d5e8

SHA1
2fbc53c628d5ac1a7707b9b766a662e125694696

SHA256
d8e3ef37eb8a077f554bb327ccf41ab2ab974d28a2d2562df0f3894d18900f8e

SHA512
dbf859b4109a9bb0eb9921120292e80e023759ce8bf3e28cc5683ef321f7e1605e231d4d0112995c644c93671b4f8b271278a61ad28453a4727df0d95369abe1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
13KB

MD5
6ee170d7ce5936873e93fa7613f80897

SHA1
78510c9dee5c0b91c828ee9344eb6921afe8553d

SHA256
becf65f075fa7a33015db733dd5484f801835861bef54b7dd2b6a240ee245e7a

SHA512
76ad7b5819bf7d721b8a3480387028cbf9343105968aab973b7609b234672e5739bb734dfee568ba6c1e715d25713f4367a94c498354e9a0a5da2415a68ce00a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
99KB

MD5
7fd8648fb69c68f3de69ede7cef94290

SHA1
3efccc9410cf5dc50767d9861a5b53e2525ab9b8

SHA256
3654db71e0c60bf8fe3fd73bfa4e03ceea7977f8f24463747c91b8e9e6670574

SHA512
7b6d37ae2e31122a322a6c5111a5e992df5767e6f7cc4aeed0b60aea9d683ae4494ddce9896d9e3fab9413f26f9105a354efc255539bcafc680d48532ffe54cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
99KB

MD5
69a5b3f7077fa1e3aed405720c7ccae9

SHA1
619f42161f16a6b0a244ae262aea0f7a33e90023

SHA256
d9b3335ce6e87bea2eda9073afa616c85814b360fd2e6a840ec2720e72e3f52d

SHA512
dedf5292cfbef302a9831907c781e05df174acdf02dabb04a5248911ca3d2d3a87c85fd2ef2ff24b15ff786331ce79ddda02a980bc8c3ae07c8cee2baed99795

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
b0177afa818e013394b36a04cb111278

SHA1
dbc5c47e7a7df24259d67edf5fbbfa1b1fae3fe5

SHA256
ffc2c53bfd37576b435309c750a5b81580a076c83019d34172f6635ff20c2a9d

SHA512
d3b9e3a0a99f191edcf33f3658abd3c88afbb12d7b14d3b421b72b74d551b64d2a13d07db94c90b85606198ee6c9e52072e1017f8c8c6144c03acf509793a9db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
9af507866fb23dace6259791c377531f

SHA1
5a5914fc48341ac112bfcd71b946fc0b2619f933

SHA256
5fb3ec65ce1e6f47694e56a07c63e3b8af9876d80387a71f1917deae690d069f

SHA512
c58c963ecd2c53f0c427f91dc41d9b2a9b766f2e04d7dae5236cb3c769d1f048e4a342ea75e4a690f3a207baa1d3add672160c1f317abfe703fd1d2216b1baf7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\6760c334-8675-4481-bb27-9a02225b55c4.tmp
Filesize
1KB

MD5
6bc2e13e57e84de69652e6a59fd1002c

SHA1
efacbc009cdcc2f8949ae42d7db636452f976eb1

SHA256
e07ca23f5b99b79ad652fcd0381cb51acbc34a1e7c13be1bb7799a1a1b61b7c6

SHA512
39501a6dfb519b1c0327d5421c985132c6b9e5380dfb4ba263af9f99222a61be0302ffc624051232829015c054488777ff5b447e3b876b768552e4f238113dd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002
Filesize
67KB

MD5
4bb360ae7e6ad48f41e6e661dc509bc9

SHA1
e6b8d6b2466d7c701dd2a651d7336a41c079d998

SHA256
39d340184c17611060bc98bdb9e79f805a4ac94299a957850e25a709c50236b3

SHA512
adce176f426c1e1908bb707d3a608bbaa40fbbf69bf0d104bf3f0db0b2f567cc4e5ecb274459023b1918d93df6a4a78198308f3de609c73b006ced2e280ee56b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004
Filesize
43KB

MD5
e352d970a4f70796e375f56686933101

SHA1
20638161142277687374c446440c3239840362b4

SHA256
8a346ccc26d3ae6ded2665b27b443d6f17580650d3fdd44ef1bb6305bee37d52

SHA512
b2c95bc6a7bd4cc5ef1d7ea17d839219a1aa5eba6baeb5eab6a57ec0a7adbc341eb7c4d328bcc03476d73fd4d70f3a4bdec471a22f9eb3e42eb2cae94eeb1ccc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006
Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007
Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008
Filesize
1.2MB

MD5
ae79a3e945e45f571fdf9ab94bcab4ee

SHA1
eac343e9f3660f78ea5e2f1bd634c8123f207642

SHA256
039c61c90725ad5a7422c5f00cc6d85ff2c57e3f7697b75ec57668e62fc209f7

SHA512
0bfd27261eae0cc6462b71fce73461639fd1b6071797b29e047b16940ce25e79bb50032c289401fef4a10d22f0b1afd801dc9d29e0dbc085486d5fdeb88cb814

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
3KB

MD5
2fa8b9da9800ef439491c199529a977d

SHA1
dedbfab48be683910a020d326c3fcdb78557c35b

SHA256
09aa2afe300486319723433d46d8e7b10ef1eefe5690d7a8997f08c8b875e5dc

SHA512
1c35194b07246c49a193814920640de816e970aa8bf936f5c280c77991968bb9c00c8e57390eb06e4f5e43bbf16b2999115f08ad4cd6754bb04111e314886cc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
4KB

MD5
40af096e9d9122bce4a2b149c6b0f0ae

SHA1
eba69be080cd3854b65fa22b73aa0ae5af7dad9a

SHA256
375d5e64bc0d47df022478a1df4b8cbc1d3f3182a6973c3838db2b1b36bc6a54

SHA512
8b3af08d45cd8dc857b86f5e52b6ad9617130601d34ee0caf4e0dc573219fe9f5b6a77adf969a8814f8677d42f7b3e88d9615414f8dd3af63a88cff569982d11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
796B

MD5
b7c590e2af7b6508588ee3799a57b24d

SHA1
eacc8af4b693e85e0241ffb0dad3d2cffb69243d

SHA256
b3b1688278addb0a4634e77d4242d4e21fcf44f234c4f77da4c5e492dd818d6b

SHA512
81bd97bff78391299894216f421c68abc4c9f79dc5ea585e91b1d001262326d497d05d9a40099a7454b1ea33064fca9202d23a4e304e9a5edc6aad4521da5928

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
41bb8cc0b74e2d8895240db3a45c3d01

SHA1
f648b272bbf9335867202348bda6fe5f89b9d9a2

SHA256
16a84bbc10a70faed1eb9f1c651c6e5c69633e4c5258ef7338d09812163d3e52

SHA512
1399d9c30af9829db082bc014c81dbfd614dc2ffa8978a130fb58f84888c591d9b544219acab1bedf2da563ef057332a72def0890dba2a52d4c4cbbe711a724f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
6b655f5d303ab25c52e4a181686114e9

SHA1
f8693e3356c792bb7c1bf22c3c67cfe9f0328714

SHA256
ef8020ce656499e34031e38e98d77e014769ce27af0e88b81e6781297a024303

SHA512
29b486466884620534b10435d34ef995faff6e29853beb7e976d24197aaa014eeca7593a9ed1041b8c5e824cd6e70a9833df6cf976f1b28bb9641d7b9ffa472b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
e89b17d4d985040c3fdafe4e3dbbdb8b

SHA1
7d706fa90aed1b4ab4c998ab03e5de1553b690f1

SHA256
c899084ed9b591d8ccbef19cd032e3200a5baf4fb7bf886ec0f87e5ef2dc85f9

SHA512
667312a49573cb1e93b5d5a17a32fdd15264fb72748be4e2749f1e036a948a818e751ff1e1b2a846dcd00d2b641e5b7b8345caa8a59629ef2aadef099c5f78ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
520a162363637e093f3685d68f3ce8d3

SHA1
860c736a5e20a7e461a43b4940820c1f11fc5af7

SHA256
b3150113183a65c21653e3e68ce8fb31d74ad1ce8d24bb155e3de9a27a6e3a13

SHA512
38691f1d36f9122347fb30275c87dd4d512cf1839a5e418da4f311d8b34b4394ffc9f6c08d7de85df77c84c6d34426dc4e4b740c69686f2f4adf973134a4f769

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
1be7033298c63978aaef683fd19b8c5f

SHA1
b0bbf9e8dfc20212c3ae458de51a5a1cace9ed64

SHA256
eee519da7229231aea47c5e091437cfceac40fc0d5b53aa15769161a9c72ad7a

SHA512
741bc13484d440e48d024bb87b153001ba82f6c00e6560b1d831969c5ac61991f8c4609b95b969bc593f098fadadfead9425b928a2ed5c5f66a470d4d4fb04cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
6fa22d09facebf967ba5ba0fd96d0426

SHA1
0e618c4253c03e4782951861ac85b4ff757e45ba

SHA256
f9a2567955630a6fe7a5d182ffcc2a474fc5eaa34c06388d7db97abe13d40a85

SHA512
24e13baf9f5f9f46f19645180a68bdd887f5b5b6cfb32b92c0326a3e3e1aa65a8eb08ff5cd53ed9cf1037efbadf93bd091b9c41d06d1a4501eff6d9deaf9962d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
916481e9fd2037a465d013e7e9f3c987

SHA1
1fd734bc6e81f1730b1e2d10a5937c7432832acd

SHA256
ec58a27621c8826619d737cb1355bf45c46158fc83ea0cb68245d3f611fe5784

SHA512
72b5a8c9133f49fdea3969f3e65878355dfc324b3d420dca3e5273ace2f4e6e72f1a92fd9358147afbbe82adddafca1f93336702d06ff96d1e1bb310a4350c2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
18c9d626d88f0e9581c1a3010481c652

SHA1
e176cb4803b86dfbfe7ee9077d87dcef3ec76100

SHA256
dd4f9936f1a17f65d0d796a9c15a5c8e4dbc17de4f59b057c150ba08fbd207ab

SHA512
f00146c03537692b11cca8da60946be5f0849f0ae6bafe4b441912e3858db34b3fa1e71b98922a6905bbf26ffa0bf7394d39ee2e7450a19c707ce31fd71f8cd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5a1b0b.TMP
Filesize
1KB

MD5
c67b42cef3fcb3393845cc44096843d7

SHA1
c7b0f23932650f7d5c66526542daedc93dc36ef7

SHA256
f20315af783cc65929b4b1877ace86e39d4bbe049d319ccd893faf165ac7d6cd

SHA512
400353d99b0ccd49d661d40d02b5164353092bd0d861f3fc01294750464fa07ad8bc5dc5a1ce4ccce917d049d96bd55d993c14701864fb09477321c3c68b5825

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
fb754adad8661f5f5d2a25e14c60a3fc

SHA1
bc9bca36269d0ebfb971a8f5f556b5962a3d7f79

SHA256
3afc1f48061a2fd02aabc3f7a7d686428fa1c372e0707c52c4339ff023323c88

SHA512
aa58eccfe7f5e6f895ad64821083868a5d6635b8c5812a85b5f62dfa65774f7cb5ba794f64a66bf5ebe2293f570fd256da7f14d09892ae4ca1fe11a460a80d97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
2240d7ff928ca35a2d84e74bba65a8dc

SHA1
d2710867fdf634d2afa9ef21a417928a75c27783

SHA256
b1f4d925d0d99d392424584f360f81c7dc77f0ad6e93b00ade09e8e62d394ac9

SHA512
e2c6b826964cb11b20be4581d542ff6815201c42ec6e2f5624346d27ccd9f02442f2f8af140b8b6acaeb11892dc85dcf13068dacbd5e440519919cae247159e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
f64c904db0babc199841b68e146613f7

SHA1
68d6cd2e83f1ded212a295fee9e212be77f6d5ea

SHA256
dab3fa24c4f05d95b6c532fc74f8eee21bb6372329e9f0b877ce18a12b4ab08c

SHA512
223b051d317b57972cd43c0a151115b5b5601b0a216fff2813009e4a529f90ac1b6993eafe1b24dc1638d7e720df0a2b5d999bf2ec8f460345e5a6c8aae53ecb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\seoxtri5.default-release\activity-stream.discovery_stream.json
Filesize
21KB

MD5
dc41a87ffc28c33f6dd68a1e3478174f

SHA1
5bbc03217a87b4a10015cd1b550124e75b122b1b

SHA256
3a20236ab3f26f8e1ef0d8d3f79049da196a4ae2bb509aa2d98109c3fd7a03a8

SHA512
64a90ae1bf64a6f290d50844c4fe40fa540fffec7b995960ff1572aa3a7d5658cf6838b9eb3ca1d608c49b1240b86dbdba8ed284a0ad3aa704965aa2578e9333

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z782A7E94\ColaBoxChecker.exe
Filesize
4.0MB

MD5
839708e3f96cf055436fa08d6205263c

SHA1
a4579f8cb6b80fe3fd50099794f63eb51be3292f

SHA256
1373c5d006a5dbcd9b86cfff9a37616f1245d1333c4adcefc7cd18926b98d752

SHA512
ece67e031e06a0442d935e7d81d0eed57ae92b348b5d104423577478ce226e4a4bde834c54e31d33bfe6f574fb7798ba96886d9e8edb738edee6e7c9c43054cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z782A7E94\HyperVChecker.exe
Filesize
117KB

MD5
dbd84c6083e4badf4741d95ba3c9b5f8

SHA1
4a555adf8e0459bfd1145d9bd8d91b3fff94aad0

SHA256
9ff467bc5a1c377102d25da9fa9c24dcc4375f456510f71584f0714fdfb2af39

SHA512
fb5fe74f64254609e07d6642acf904562bb905cd7c14c6f85ba31bcdbaf06686c0586609ec4f5d2f8f55ff90334dcbb774a3a6e78df74bf1b1d0cd03dec21870

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z782A7E94\MuMuDownloader.exe
Filesize
5.7MB

MD5
2f3d77b4f587f956e9987598b0a218eb

SHA1
c067432f3282438b367a10f6b0bc0466319e34e9

SHA256
2f980c56d81f42ba47dc871a04406976dc490ded522131ce9a2e35c40ca8616e

SHA512
a63afc6d708e3b974f147a2d27d90689d8743acd53d60ad0f81a3ab54dfa851d73bcb869d1e476035abc5e234479812730285c0826a2c3da62f39715e315f221

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z782A7E94\baseboard
Filesize
115B

MD5
cb02e1383d0793c6bb8c09fd87185c98

SHA1
5385fbbe717f336a09f3a2b058448bab36cbd9f5

SHA256
434fa622ab9d1c16f856960f304efcdb72697e73c29228218bb6ff18125b1065

SHA512
2e2a62844e6e6f9a18af467b251cd60291660bee58a78eadddbe6802b362520a735f7bd9a5d463bc5daef35dfa4082ebdc98a3715422f8d7ea9e43af8492eefa

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z782A7E94\config.ini
Filesize
346B

MD5
d00fb4c61a255b58ff09886c6c72461b

SHA1
4e4f7d7ae36f67a4d6fc8479f8400b3eb769e978

SHA256
77dec4d79e1e844a2156f101defc0fc81c138a989e8ba1c722c58feb91b3cd4a

SHA512
8494ab9fe0594f3ff7b0893ca3e25d6d0a706e546e92c5b662aa864affcefe5f9721a6a95f37f40cdacf39d27a23e2b3cd5dbca4d7b8909cd7c186209d4b46db

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z782A7E94\nemu-downloader.exe
Filesize
3.2MB

MD5
cdf8047ceae80d9cd9eb798a57bf6084

SHA1
8e7971401fada3099aed61849745fda37e1c0d32

SHA256
1f01a9abac64fae72e0a253ad9ffe2d62cd2967c1c2bc90fb956ac446fe2b11e

SHA512
ac366f38f39b935110192d1355147392ced5a21966cc22386804356dce24b2da7971a6a60d675689f93d74014d961bfb3b0c13cf06809b9f9feef580045e20dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z782A7E94\skin.zip
Filesize
509KB

MD5
ecb43530caf9566c1b76d5af8d2097f1

SHA1
34562ada66cd1501fcb7411a1e1d86729fd7fdc0

SHA256
a12381f97aee2d91568f44b23e866ccc99f0ae5e5961f318ed24b72f4f5da80a

SHA512
4a243c0bc4dbaf892bee91ea7eff9e6a7732d3aa2df5bebd9a4bea2859a30a8511945ce3bb823f7ef921f2e1a98906fb676fce85f25fd5908646b3a2f5d02563

Download Submit
C:\Users\Admin\AppData\Local\Temp\nemux\MuMuPlayerGlobal-12.0\nemux-HypervisorDriverUninstall.log
Filesize
50B

MD5
abdafce361b743ce2b265c8fa2b9c1ae

SHA1
dad27f32a35288ec4dd75115e2b73932968c0241

SHA256
54aa3c35d1230b46f7b3db82936b288312f7b1ce654a77252d170c5f38aa9124

SHA512
fcb6f7c029dd38cee4d83af4af4a0942c94af053c2e69f32566ab214febb413509876c79cf0450d7a0f81b167994aa15f2d861c3d55ebcafdabef2fb9315a939

Download Submit
C:\Users\Admin\AppData\Local\Temp\nemux\MuMuPlayerGlobal-12.0\nemux-scQueryMuMuVMMDrvBeforeScStart.log
Filesize
270B

MD5
0649d4c069fb3136de50d9ebe44b7cac

SHA1
a58bf5d93120eb91eab5ad7af282c99c0e36c4ba

SHA256
aba93de5e732f49ecdd398b49f44752478a6ba279222bfce8b622a37124fbcf5

SHA512
829daae9029c6741c06374f2b7f642e88d3f5707d7eb9ef45692a16d1a05f8d6f66305ddf51a222a8748157317f76c5115cbf1bcce0cbbb4b0c4e56a50813854

Download Submit
C:\Users\Admin\AppData\Local\Temp\nemux\MuMuPlayerGlobal-12.0\nemux-scQueryMuMuVMMDrvBeginUninstall.log
Filesize
122B

MD5
6bbcfd360c0797e6650f0d3cb1c36109

SHA1
e22b5f6a4654134d687a3908464e67faa23d84ff

SHA256
df023ca139e8dcb21f0d4a603b34af95f980c1e388c97e4735dd698d0329113c

SHA512
0281c1cc1b104c73f130068a905e37b75f3c3a40884d3e2cc421aeaf6a3c6b938393894fe750fa7de44b9d0a25f9b3c11bb386fd133b3d710a549632ed9ea604

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxBCD4.tmp\AccessControl.dll
Filesize
23KB

MD5
bb0f26c7a18434ee1d648c7e6743d1fe

SHA1
f7503b348aa7c7691668fbb64ccd541e247f87e5

SHA256
1b4d25f2f544f520c20493ee1e9ac7b3043aab88e4ff87953390d357de4c2096

SHA512
4311e960a4f8f441b25c5ec9a82d64112016ff9c4510dfb082a0c1bcce2d03cb2871912dcaafc5d00f07ed9ac4d6d7998cdcea2bfc84f7180b2f62a2cf24e08d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxBCD4.tmp\ExecDos.dll
Filesize
14KB

MD5
e2716246ee731417abee9ea26cec1d56

SHA1
6687e5d8b0b705fcdd9a4020215891d5b7723084

SHA256
691ffd34264d1813827c35083367a08aec974e9f79fb585b7d2d367c83760fbd

SHA512
355bb040570a1ba64a03463a9e6695015c2ffda5f30b7ce801c39ab1a7ba36134bb8fa9b5a1ffd102f6d71091b77133f8d68d305d5c1949ccad2e8eab0258505

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxBCD4.tmp\LogEx.dll
Filesize
52KB

MD5
6eba32325d2db645c958c551f0aa2e31

SHA1
b116cc9ff0369af681ebf805a1a3befedd9ab868

SHA256
cf7b45a69a13551db95dcdefc8bfdd4128e1c1db67198347b43469b69c36b844

SHA512
6c48038341bb16ce50b01c99f8ebfc919adfce61008d9718c06d55e92e54625ed2ab6ac850592e847bca61d7d57809dd531afeea4f0fb0c8310cfe1710f37927

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxBCD4.tmp\System.dll
Filesize
12KB

MD5
283555de06751c261b66243bbb1558da

SHA1
4532ed4e255ad0163494a02081b45e893ad666f9

SHA256
b6298637fea88a44e4de3f6b7fe254fb73857c08f1dcd8bd1af6f9eb5e6e7e3c

SHA512
469dbb4b7cc0d4f59d903415fbb7ea6417323f0daa2aeb2945a9744668f3d9fa95eb34a9d64a647835b563c74c3484c6d4b823a75119599aa5f975dbe471d3ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxBCD4.tmp\UAC.dll
Filesize
22KB

MD5
b7e1d609915cf0b3f9dfee488a92fc91

SHA1
d9c873b39e3cac648742568378fe788b2cae6e84

SHA256
fa3bb333f615689691ff98527dc3341e3b8ffee4bf97c6128820bf0d303930e7

SHA512
ae4a00659f522996600bd0754b2f2706e297939ea616ada66e590409c6c2f28ed7ed39b67a078ae72e9b472a97291c7f3da42339051ef1a3d1941b0368b2e775

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxBCD4.tmp\UserInfo.dll
Filesize
3KB

MD5
cb310d97bd72a6ae8fc6e44c88ef9e8c

SHA1
ed935c8f17340fecb7021dddd9dc7de0e23bf487

SHA256
d6fae2e57c84b25b73fe942fb7ba725158b21ec81c9d989845b64ba1ee337c27

SHA512
8351004d0bf86c5577940613cee26803d797b2375038726ce31827d66038664aaf74399d7d5e11c6487012942fb4f147b7021d6e887ac09c39f541991f594f9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxBCD4.tmp\nsProcess.dll
Filesize
12KB

MD5
b6cd62358973125f52d756d6d3aee8b2

SHA1
7c9fcfa85a88c507517a659f778355b56cef921f

SHA256
44c14f1edfe7deef518264675e3e4edb6991d5ea0d50f0f6b18a819dc31bbcba

SHA512
a5b756e3e1a31ad7ad9026bc492de2ef8983385e7c920a2e3eea363df3c6d112cea2a0373cd9bd8be1fb3536ee9623c6844b3c7a92d8cf6ee050aeec7cee76bb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\seoxtri5.default-release\datareporting\glean\db\data.safe.tmp
Filesize
5KB

MD5
e7e10dd579a44a9f27c6fd8684ca5053

SHA1
6319a29ac22d394195991785f3c977dcd37a9cc2

SHA256
bdce6348f3a33f25a6e5755a85bc7823e944ae123b1ff6986938a00c64c2572c

SHA512
58da07ed55af9c32687d7921186bb06967ab3e80ad3578907db857974cc9df8a3791408435e6c1526585a80d7574cb58c41b3cfa1a3f6366abcb9ab7ded9cdb1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\seoxtri5.default-release\datareporting\glean\db\data.safe.tmp
Filesize
6KB

MD5
9f0c7d31b33a3cef854699aa6c506440

SHA1
3b9a3ac48f646a9e8e927c650301985e0132279f

SHA256
9ea574e86ad2553a64a30f1c450755d36ad0411fb379d7d10ee81fdfd8eb8a90

SHA512
425e6d3fb59a997c337c7bc0822404cb3ccba9d2edc317f3b27343450dda6c34889e454d3197a5a0fe4515e35f645dfa999e52304bac058b7b684fd54477ff25

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\seoxtri5.default-release\datareporting\glean\db\data.safe.tmp
Filesize
5KB

MD5
d28355070a16710ec89a2bc15e40fa4c

SHA1
ea783bceac131ce61552f34e8fe5ad6f1de03aa8

SHA256
6d4f0f0339cbd0fe2141c9b1086ff907006183e728703ab25725f0cddcecae60

SHA512
a32c4265cd035dd665ca6cffb0ed10238e47ad78f388ee4f13ba72ea00fd31b2f81d6a2a6dc9f9e37bb50f7d6d6ef1f2d4b26e48a3a85517c2c9580aec8efe9d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\seoxtri5.default-release\datareporting\glean\db\data.safe.tmp
Filesize
6KB

MD5
e38b5d0c0d157235008a2030b68d2ddb

SHA1
c3aea58646544d64b2d286b4fbdb548735c2f5fe

SHA256
f018d5c651c9e7b502c5421967cc8aeacbc3fbc5aa1a778d3eed3605bf32df08

SHA512
e892ab3f4464d7079ca974a5708d9ed05d338ac8bed1f1b242136896042d5ddfa1cfce056c644b2c81372d76d3677b086d8410f61a547c9a5dd82fe6a1de0527

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\seoxtri5.default-release\datareporting\glean\pending_pings\15e0e417-2b9a-40f6-9cea-f0387e631a33
Filesize
25KB

MD5
1b6d70b4da314014f7dd392fd30f196b

SHA1
33520fe7b2586fe880ff58a68e179ba190b2d850

SHA256
c65203d5af3ab47d3ab818b7a45d07186c3f8ac98c768f12bb3de4690d5ca628

SHA512
c0ed20c814e93836111ce2ca0fe18a09167828cf760bff9b5ca95ef2afd4b04e557af7aeda3d05c49f40f95636ba68cd8945225000b036688ed459663b6ad93c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\seoxtri5.default-release\datareporting\glean\pending_pings\e3617b66-c601-4f4d-a431-acc32e999cbb
Filesize
671B

MD5
e015c5e07d77669d3ff522b1b3cb8797

SHA1
e809c7b926c020fd53eb2fcc84c4bae3b1a11056

SHA256
8415ae26850d77a6e8f5120b8f2d8476afc5c4bd01c572b751759dea971f0db7

SHA512
cd242a077fa8a92e7a1a51577b052cfb447b13513a13ce415e482eccb43b9ab8aab92ea41425e0e955cda46e131494e60addf498c7a8e56cd740d4d9b5766ac3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\seoxtri5.default-release\datareporting\glean\pending_pings\ee856bfb-d204-45b1-8ee8-c4ceba27e23b
Filesize
982B

MD5
64723df8f53ba90d0bc75d3327a948c0

SHA1
a8797a8283cc9976746d5706a9d865d5cc48fda4

SHA256
bf9557dc16cd5c45bd98248f1619b73e7b2ba83eb98bcb1c7ed9b30ae5670d41

SHA512
07a0f70ef1f6317065341096f8e735fd24f3d116f127c6861a6895a1883ac23f0e2536b1f77da856cabf3d6a845253ab2465fb451bd7162669393e2fdef15f96

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\seoxtri5.default-release\prefs.js
Filesize
10KB

MD5
3cd9650fad8091711e4266d931e923e4

SHA1
13636cc42b4bc17673424cb1de9caea4362b14e9

SHA256
8f343a943a62c5ecf47626f49d31c714b40eb82c95c431c95937ccd2119b37f7

SHA512
071fc7415dbf0dc4ffa54a84acb5519fa5be437a4ca56b45d5702397cdc933cdbdfe60ac75941594a602b731a9b8b3caa12f250bbc2a33db0d847cf9d73b53d5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\seoxtri5.default-release\prefs.js
Filesize
11KB

MD5
65c8da4444d5580bc0cfbf7b62cc3ebf

SHA1
047f9c2c98d41a5bb3de4651dc0febc71bc999e6

SHA256
f7c76a45dde287819a0e83d909765da6164f5f33c00801ce3dfa05fc91d8ab7f

SHA512
4cfdd1d74d677ca958b2dd64c6aec498b0b2dd82afa7b3a344b1180a63753be555363730d8a5399eac456972c6983591cfdef2dd6aea84412c78071b41472048

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\seoxtri5.default-release\sessionCheckpoints.json.tmp
Filesize
259B

MD5
700fe59d2eb10b8cd28525fcc46bc0cc

SHA1
339badf0e1eba5332bff317d7cf8a41d5860390d

SHA256
4f5d849bdf4a5eeeb5da8836589e064e31c8e94129d4e55b1c69a6f98fb9f9ea

SHA512
3fa1b3fd4277d5900140e013b1035cb4c72065afcc6b6a8595b43101cfe7d09e75554a877e4a01bb80b0d7a58cdcfe553c4a9ef308c5695c5e77cb0ea99bada4

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe
Filesize
16KB

MD5
1d5ad9c8d3fee874d0feb8bfac220a11

SHA1
ca6d3f7e6c784155f664a9179ca64e4034df9595

SHA256
3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

SHA512
c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

Download Submit
memory/1156-72-0x00000000006E0000-0x0000000000C95000-memory.dmp

Filesize
5.7MB

Download
memory/1156-560-0x00000000006E0000-0x0000000000C95000-memory.dmp

Filesize
5.7MB

Download

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads