5516ce5826c34dc1d89b1373f09a5eb490cf1dab55f98da02bdc53a73b772874

Analysis

max time kernel
944s
max time network
1119s
platform
windows11-21h2_x64
resource
win11-20240611-en
resource tags

arch:x64arch:x86image:win11-20240611-enlocale:en-usos:windows11-21h2-x64system
submitted
03-07-2024 11:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

LDPlayer9_ens_1001_ld.exe
Size

3.3MB
MD5

86fca06e090f8017dd323ccc516a7ed9
SHA1

720fd4f4d0ac09308d19d229c8fbfde71313ce7d
SHA256

5516ce5826c34dc1d89b1373f09a5eb490cf1dab55f98da02bdc53a73b772874
SHA512

05f6ea47c48a2da3304a2d14a741403200ccf47e1f1b7155a2eba3fe694e4f42b8a327010fbc20b720ba06e4f84ee96b39d885989ae7cd20cc459261cd02b34b
SSDEEP

49152:SLgmKyhrX/3MwVn1pHtOUYqP3CFOrtG/JR9sXafgkDFMVR9C1UhPJXMK701hOHZ4:IgmKEX/3MS1t0xOoGBiCV2H1l

Score

8^/10

discovery execution exploit persistence privilege_escalation

Malware Config

Signatures

Creates new service(s) 2 TTPs
persistence execution

Windows Service
T1543.003

Service Execution
T1569.002

Manipulates Digital Signatures 1 TTPs 64 IoCs

Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.

SIP and Trust Provider Hijacking

T1553.003

Processes:

regsvr32.exeregsvr32.exeregsvr32.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubInitialize"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2009\FuncName = "WVTAsn1SpcLinkDecode"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{189A3842-3041-11D1-85E1-00C04FC295EE}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\DiagnosticPolicy\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubLoadMessage"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$Function = "SoftpubAuthenticode"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.4.1.311.10.3.3\CallbackFreeFunction = "SoftpubFreeDefUsageCallData"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$Function = "SoftpubLoadMessage"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.15\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2002\FuncName = "WVTAsn1SpcFinancialCriteriaInfoEncode"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.12.2.2\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.12\Dll = "WINTRUST.DLL"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\CRYPTOGRAPHY\OID\ENCODINGTYPE 0\CRYPTSIPDLLCREATEINDIRECTDATA\{C689AAB9-8E78-11D0-8C47-00C04FC295EE}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{DE351A43-8E59-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPPutSignedDataMsg"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$Function = "SoftpubLoadSignature"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.28\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.28\FuncName = "WVTAsn1SpcLinkDecode"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2000\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function = "HTTPSFinalProv"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{189A3842-3041-11D1-85E1-00C04FC295EE}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$Function = "SoftpubCheckCert"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2003\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.27\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.12.2.3\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.12\FuncName = "WVTAsn1SpcSpOpusInfoDecode"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{189A3842-3041-11D1-85E1-00C04FC295EE}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$Function = "SoftpubInitialize"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\CRYPTOGRAPHY\OID\ENCODINGTYPE 0\CRYPTSIPDLLPUTSIGNEDDATAMSG\{C689AAB9-8E78-11D0-8C47-00C04FC295EE}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.16.4\Dll = "cryptdlg.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function = "SoftpubLoadMessage"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{189A3842-3041-11D1-85E1-00C04FC295EE}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{7801EBD0-CF4B-11D0-851F-0060979387EA}\$DLL = "Cryptdlg.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$Function = "SoftpubCleanup"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2000\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function = "SoftpubLoadSignature"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2012\FuncName = "WVTAsn1SealingTimestampAttributeEncode"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2008\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2007\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{C689AABA-8E78-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPVerifyIndirectData"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$Function = "GenericChainCertificateTrust"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$Function = "SoftpubLoadSignature"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{DE351A42-8E59-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPGetSignedDataMsg"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubCleanup"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2006\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2005\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.16.1.1\FuncName = "EncodeAttrSequence"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2222\FuncName = "WVTAsn1CatMemberInfoDecode"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{189A3842-3041-11D1-85E1-00C04FC295EE}\$Function = "WintrustCertificateTrust"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$Function = "WintrustCertificateTrust"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubCheckCert"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{189A3842-3041-11D1-85E1-00C04FC295EE}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubAuthenticode"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$DLL = "WINTRUST.DLL"	regsvr32.exe

Possible privilege escalation attempt 6 IoCs
exploit

Processes:

takeown.exeicacls.exetakeown.exeicacls.exetakeown.exeicacls.exe

pid process

2128 takeown.exe
3952 icacls.exe
2472 takeown.exe
4608 icacls.exe
3184 takeown.exe
1568 icacls.exe
Modifies file permissions 1 TTPs 6 IoCs
discovery

File and Directory Permissions Modification
T1222

Processes:

icacls.exetakeown.exeicacls.exetakeown.exeicacls.exetakeown.exe

pid process

3952 icacls.exe
2472 takeown.exe
4608 icacls.exe
3184 takeown.exe
1568 icacls.exe
2128 takeown.exe
Downloads MZ/PE file
Enumerates connected drives 3 TTPs 1 IoCs
Attempts to read the root path of hard drives other than the default C: drive.

Query Registry
T1012

Peripheral Device Discovery
T1120

System Information Discovery
T1082

Processes:

nemu-downloader.exe

description ioc process

File opened (read-only) \??\F: nemu-downloader.exe
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

42 discord.com
53 discord.com

pid	process
2128	takeown.exe
3952	icacls.exe
2472	takeown.exe
4608	icacls.exe
3184	takeown.exe
1568	icacls.exe

pid	process
3952	icacls.exe
2472	takeown.exe
4608	icacls.exe
3184	takeown.exe
1568	icacls.exe
2128	takeown.exe

description	ioc	process
File opened (read-only)	\??\F:	nemu-downloader.exe

flow	ioc
42	discord.com
53	discord.com

Drops file in System32 directory 2 IoCs

Processes:

LeoMoon CPU-V.exeLeoMoon CPU-V.exe

description	ioc	process
File opened for modification	C:\Windows\SysWOW64\winmgmts:{impersonationLevel=Impersonate}!\root\cimv2	LeoMoon CPU-V.exe
File opened for modification	C:\Windows\SysWOW64\winmgmts:{impersonationLevel=Impersonate}!\root\cimv2	LeoMoon CPU-V.exe

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

Processes:

MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exednrepairer.exe

description	ioc	process
File opened for modification	C:\Program Files\MuMuVMMVbox\LoadedDrivers\	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMNetLwf.inf	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\ldplayer9box\driver-PreW10\Ld9BoxNetLwf.sys	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\VBoxNetDHCP.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-core-console-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\api-ms-win-core-handle-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\vcruntime140.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\driver-PreW10\Ld9BoxNetLwf.cat	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\VBoxCpuReport.exe	dnrepairer.exe
File created	C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMDDR0.r0	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\MuMuVMMVbox\Hypervisor\NetFltInstall.exe	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\ldplayer9box\VBoxPlaygroundDevice.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-crt-convert-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\libssl-1_1.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\api-ms-win-crt-conio-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\MuMuVMMVbox\.backup\Hypervisor\.backup_info	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\ldplayer9box\msvcp100.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-core-file-l1-2-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\api-ms-win-crt-private-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\api-ms-win-crt-time-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\MuMuVMMVbox\Hypervisor\loadall.cmd	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-core-debug-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\MuMuVMMVbox\Hypervisor\win7\mumuvmmnetadp6.cat	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\api-ms-win-core-file-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMRT.dll	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\MuMuVMMVbox\Hypervisor\NetFltUninstall.exe	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\ldplayer9box\VBoxAutostartSvc.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\GLES12Translator.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\VBoxDD2.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-core-libraryloader-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-crt-filesystem-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMNetAdp6.sys	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\ldplayer9box\Ld9BoxNetLwf.sys	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\NetFltUninstall.exe	dnrepairer.exe
File created	C:\Program Files\MuMuVMMVbox\Hypervisor\libAccelerator.dll	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\MuMuVMMVbox\Hypervisor\vaddress\0.0.94.0\VAddressDevice.dll	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\MuMuVMMVbox\Hypervisor\win7\MuMuVMMDrv.sys	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\ldplayer9box\msvcr120.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\Qt5Gui.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-crt-math-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMHeadless.exe	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\MuMuVMMVbox\Hypervisor\NetAdpInstall.exe	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\ldplayer9box\UICommon.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-core-timezone-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMDDU.dll	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMNetFltNobj.dll	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMSharedClipboard.dll	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-core-rtlsupport-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-crt-locale-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\VBoxProxyStub-x86.dll	dnrepairer.exe
File created	C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMNetAdp6.inf	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\ldplayer9box\VirtualBoxVM.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-core-processthreads-l1-1-1.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\libOpenglRender.dll	dnrepairer.exe
File created	C:\Program Files\MuMuVMMVbox\Hypervisor\msvcr100.dll	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMVMMR0.inf	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-core-profile-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\concrt140.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\api-ms-win-core-file-l2-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\Ld9VMMR0.r0	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\Qt5PrintSupport.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\VBoxProxyStubLegacy.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\VBoxStubBld.exe	dnrepairer.exe

Drops file in Windows directory 2 IoCs

Processes:

dism.exedismhost.exe

description ioc process

File opened for modification C:\Windows\Logs\DISM\dism.log dism.exe
File opened for modification C:\Windows\Logs\DISM\dism.log dismhost.exe

description	ioc	process
File opened for modification	C:\Windows\Logs\DISM\dism.log	dism.exe
File opened for modification	C:\Windows\Logs\DISM\dism.log	dismhost.exe

Executes dropped EXE 38 IoCs

Processes:

LDPlayer.exednrepairer.exedismhost.exeLd9BoxSVC.exedriverconfig.exednplayer.exeLd9BoxSVC.exevbox-img.exevbox-img.exevbox-img.exeLd9BoxHeadless.exeLd9BoxHeadless.exeLd9BoxHeadless.exeLd9BoxHeadless.exeLd9BoxHeadless.exednplayer.exeLd9BoxSVC.exeLd9BoxHeadless.exeLd9BoxHeadless.exeLd9BoxHeadless.exeLd9BoxHeadless.exeLd9BoxHeadless.exednplayer.exeLd9BoxSVC.exeLd9BoxHeadless.exeLd9BoxHeadless.exeLd9BoxHeadless.exeLd9BoxHeadless.exeLd9BoxHeadless.exeMuMuInstaller_3.1.7.0_gw-overseas12_all_1712735105.exenemu-downloader.exeColaBoxChecker.exeHyperVChecker.exeHyperVChecker.exeHyperVChecker.exeMuMuDownloader.exeMuMuNG-setup-V3.8.18.2845-overseas-0417125205.exeMuMuVMMSVC.exe

pid	process
3524	LDPlayer.exe
2056	dnrepairer.exe
4264	dismhost.exe
2020	Ld9BoxSVC.exe
708	driverconfig.exe
3956	dnplayer.exe
3960	Ld9BoxSVC.exe
2512	vbox-img.exe
4488	vbox-img.exe
2240	vbox-img.exe
3020	Ld9BoxHeadless.exe
2868	Ld9BoxHeadless.exe
1484	Ld9BoxHeadless.exe
2592	Ld9BoxHeadless.exe
456	Ld9BoxHeadless.exe
7096	dnplayer.exe
6152	Ld9BoxSVC.exe
6572	Ld9BoxHeadless.exe
6640	Ld9BoxHeadless.exe
1760	Ld9BoxHeadless.exe
6788	Ld9BoxHeadless.exe
6860	Ld9BoxHeadless.exe
6368	dnplayer.exe
6976	Ld9BoxSVC.exe
6696	Ld9BoxHeadless.exe
7016	Ld9BoxHeadless.exe
5724	Ld9BoxHeadless.exe
2532	Ld9BoxHeadless.exe
2140	Ld9BoxHeadless.exe
5220	MuMuInstaller_3.1.7.0_gw-overseas12_all_1712735105.exe
2864	nemu-downloader.exe
900	ColaBoxChecker.exe
3684	HyperVChecker.exe
6856	HyperVChecker.exe
5820	HyperVChecker.exe
6652	MuMuDownloader.exe
1580	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
8280	MuMuVMMSVC.exe

Launches sc.exe 46 IoCs

Sc.exe is a Windows utlilty to control services on the system.

Processes:

sc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exe

pid	process
6332	sc.exe
3500	sc.exe
9124	sc.exe
8076	sc.exe
8276	sc.exe
2876	sc.exe
4812	sc.exe
10088	sc.exe
9988	sc.exe
5524	sc.exe
1756	sc.exe
6856	sc.exe
9464	sc.exe
8908	sc.exe
8912	sc.exe
8412	sc.exe
2848	sc.exe
5612	sc.exe
4160	sc.exe
7260	sc.exe
9176	sc.exe
7504	sc.exe
8820	sc.exe
9300	sc.exe
3084	sc.exe
6280	sc.exe
6088	sc.exe
7200	sc.exe
6176	sc.exe
7816	sc.exe
1008	sc.exe
6804	sc.exe
5528	sc.exe
6544	sc.exe
4596	sc.exe
4684	sc.exe
9568	sc.exe
2128	sc.exe
7424	sc.exe
7720	sc.exe
8132	sc.exe
5420	sc.exe
2672	sc.exe
8524	sc.exe
8232	sc.exe
7936	sc.exe

Loads dropped DLL 64 IoCs

Processes:

LDPlayer9_ens_1001_ld.exednrepairer.exedismhost.exeLd9BoxSVC.exeregsvr32.exeregsvr32.exeregsvr32.exe

pid	process
4972	LDPlayer9_ens_1001_ld.exe
4972	LDPlayer9_ens_1001_ld.exe
4972	LDPlayer9_ens_1001_ld.exe
2056	dnrepairer.exe
2056	dnrepairer.exe
2056	dnrepairer.exe
4264	dismhost.exe
4264	dismhost.exe
4264	dismhost.exe
4264	dismhost.exe
4264	dismhost.exe
4264	dismhost.exe
4264	dismhost.exe
4264	dismhost.exe
4264	dismhost.exe
4264	dismhost.exe
4264	dismhost.exe
4264	dismhost.exe
4264	dismhost.exe
4264	dismhost.exe
4264	dismhost.exe
4264	dismhost.exe
4264	dismhost.exe
4264	dismhost.exe
4264	dismhost.exe
4264	dismhost.exe
4264	dismhost.exe
4264	dismhost.exe
4264	dismhost.exe
2020	Ld9BoxSVC.exe
2020	Ld9BoxSVC.exe
2020	Ld9BoxSVC.exe
2020	Ld9BoxSVC.exe
2020	Ld9BoxSVC.exe
2020	Ld9BoxSVC.exe
2020	Ld9BoxSVC.exe
2020	Ld9BoxSVC.exe
2020	Ld9BoxSVC.exe
2020	Ld9BoxSVC.exe
4556	regsvr32.exe
4556	regsvr32.exe
4556	regsvr32.exe
4556	regsvr32.exe
4556	regsvr32.exe
4556	regsvr32.exe
4556	regsvr32.exe
4556	regsvr32.exe
568	regsvr32.exe
568	regsvr32.exe
568	regsvr32.exe
568	regsvr32.exe
568	regsvr32.exe
568	regsvr32.exe
568	regsvr32.exe
568	regsvr32.exe
568	regsvr32.exe
3492	regsvr32.exe
3492	regsvr32.exe
3492	regsvr32.exe
3492	regsvr32.exe
3492	regsvr32.exe
3492	regsvr32.exe
3492	regsvr32.exe
3492	regsvr32.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

dnplayer.exednplayer.exednplayer.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	dnplayer.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	dnplayer.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	dnplayer.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	dnplayer.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	dnplayer.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	dnplayer.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Kills process with taskkill 4 IoCs
evasion

Processes:

taskkill.exetaskkill.exetaskkill.exetaskkill.exe

pid process

2020 taskkill.exe
2920 taskkill.exe
4748 taskkill.exe
1516 taskkill.exe

pid	process
2020	taskkill.exe
2920	taskkill.exe
4748	taskkill.exe
1516	taskkill.exe

Modifies Internet Explorer settings 1 TTPs 9 IoCs

adware spyware

Modify Registry

T1112

Processes:

dnplayer.exednplayer.exednplayer.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\ldnews.exe = "11001"	dnplayer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\dnplayer.exe = "11001"	dnplayer.exe
Key created	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION	dnplayer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\ldnews.exe = "11001"	dnplayer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\dnplayer.exe = "11001"	dnplayer.exe
Key created	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION	dnplayer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\ldnews.exe = "11001"	dnplayer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\dnplayer.exe = "11001"	dnplayer.exe
Key created	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION	dnplayer.exe

Modifies registry class 64 IoCs

Processes:

Ld9BoxSVC.exeLd9BoxSVC.exeregsvr32.exeregsvr32.exeLd9BoxSVC.exeLDPlayer.exeregsvr32.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-0721-4CDE-867C-1A82ABAF914C}\ProxyStubClsid32	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-F4F4-4DD0-9D30-C89B873247EC}\ProxyStubClsid32	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-BCB2-4905-A7AB-CC85448A742B}\TypeLib	Ld9BoxSVC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-FF5A-4795-B57A-ECD5FFFA18A4}\NumMethods\ = "26"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-4521-44CC-DF95-186E4D057C83}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-C196-4D26-B8DB-4C8C389F1F82}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-0C60-11EA-A0EA-07EB0D1C4EAD}\NumMethods	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-6038-422c-b45e-6d4a0503d9f1}	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-9536-4EF8-820E-3B0E17E5BBC8}\ProxyStubClsid32	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-44DE-1653-B717-2EBF0CA9B664}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-6679-422A-B629-51B06B0C6D93}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-30E8-447E-99CB-E31BECAE6AE4}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-E8B8-4838-B10C-45BA193734C1}\NumMethods	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-5A1D-43F1-6F27-6A0DB298A9A8}\TypeLib	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.xapk	LDPlayer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-34B8-42D3-ACFB-7E96DAF77C22}\TypeLib\Version = "1.3"	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-0B79-4350-BDD9-A0376CD6E6E3}\ProxyStubClsid32	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VirtualBox.VirtualBoxClient\CurVer	Ld9BoxSVC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-7E67-4144-BF34-41C38E8B4CC7}\ = "IBIOSSettings"	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\CLSID	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-6E0B-492A-A8D0-968472A94DC7}\TypeLib	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-0721-4CDE-867C-1A82ABAF914C}\TypeLib	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-A227-4F23-8278-2F675EEA1BB2}\NumMethods	Ld9BoxSVC.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\VirtualBox.VirtualBox.1	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-3E87-11E9-8AF2-576E84223953}\ = "IBooleanFormValue"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-81A9-4005-9D52-FC45A78BF3F5}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-EABD-4FA6-960A-F1756C99EA1C}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VirtualBox.VirtualBox.1	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-26F1-4EDB-8DD2-6BDDD0912368}\TypeLib	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VirtualBox.VirtualBox	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-2F05-4D28-855F-488F96BAD2B2}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-8084-11E9-B185-DBE296E54799}\ProxyStubClsid32	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-5FDC-4ABA-AFF5-6A39BBD7C38B}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-9641-4397-854A-040439D0114B}\ = "IGuestScreenInfo"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-CB63-47A1-84FB-02C4894B89A9}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-0126-43E0-B05D-326E74ABB356}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-1EC0-4C0F-857F-FBE2A737A256}\NumMethods\ = "16"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4A75-437E-B0BB-7E7C90D0DF2A}\ProxyStubClsid32	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7532-45E8-96DA-EB5986AE76E4}\TypeLib	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-CB63-47A1-84FB-02C4894B89A9}\ProxyStubClsid32	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7532-45E8-96DA-EB5986AE76E4}\NumMethods	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-3618-4EBC-B038-833BA829B4B2}\ProxyStubClsid32	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-D4FC-485F-8613-5AF88BFCFCDC}\TypeLib	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-E191-400B-840E-970F3DAD7296}\TypeLib	Ld9BoxSVC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-42F8-CD96-7570-6A8800E3342C}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-9849-4F47-813E-24A75DC85615}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-B5BB-4316-A900-5EB28D3413DF}\NumMethods\ = "229"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-a227-4f23-8278-2f675eea1bb2}	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-2F05-4D28-855F-488F96BAD2B2}\TypeLib	Ld9BoxSVC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-929C-40E8-BF16-FEA557CD8E7E}\NumMethods\ = "115"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-1A29-4A19-92CF-02285773F3B5}\NumMethods	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-8F30-401B-A8CD-FE31DBE839C0}\NumMethods\ = "12"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-48DF-438D-85EB-98FFD70D18C9}\NumMethods	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-C380-4510-BC7C-19314A7352F1}\ProxyStubClsid32	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-42DA-C94B-8AEC-21968E08355D}\TypeLib	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-47C7-4A3F-AAE1-1B516817DB41}\NumMethods	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-E8B8-4838-B10C-45BA193734C1}\TypeLib	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4BA3-7903-2AA4-43988BA11554}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-1C58-440C-BB7B-3A1397284C7B}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-1F04-4191-AA2F-1FAC9646AE4C}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-8CE7-469F-A4C2-6476F581FF72}\NumMethods	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VirtualBox.VirtualBoxClient\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-d4fc-485f-8613-5af88bfcfcdc}	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4521-44CC-DF95-186E4D057C83}\TypeLib	Ld9BoxSVC.exe

NTFS ADS 6 IoCs

Processes:

msedge.exemsedge.exemsedge.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 690187.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 907886.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\MuMuInstaller_3.1.7.0_gw-overseas12_all_1712735105.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\leomoon-dot-com_leomoon-cpu-v_win.zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 368613.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 475560.crdownload:SmartScreen	msedge.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

LDPlayer9_ens_1001_ld.exeLDPlayer.exednrepairer.exepowershell.exepowershell.exepowershell.exemsedge.exemsedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exednplayer.exednplayer.exednplayer.exemsedge.exenemu-downloader.exeMuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe

pid	process
4972	LDPlayer9_ens_1001_ld.exe
4972	LDPlayer9_ens_1001_ld.exe
4972	LDPlayer9_ens_1001_ld.exe
4972	LDPlayer9_ens_1001_ld.exe
4972	LDPlayer9_ens_1001_ld.exe
3524	LDPlayer.exe
3524	LDPlayer.exe
3524	LDPlayer.exe
3524	LDPlayer.exe
3524	LDPlayer.exe
3524	LDPlayer.exe
3524	LDPlayer.exe
3524	LDPlayer.exe
2056	dnrepairer.exe
2056	dnrepairer.exe
644	powershell.exe
644	powershell.exe
2660	powershell.exe
2660	powershell.exe
2976	powershell.exe
2976	powershell.exe
3524	LDPlayer.exe
3524	LDPlayer.exe
4972	LDPlayer9_ens_1001_ld.exe
4972	LDPlayer9_ens_1001_ld.exe
4652	msedge.exe
4652	msedge.exe
4788	msedge.exe
4788	msedge.exe
2336	msedge.exe
2336	msedge.exe
2436	identity_helper.exe
2436	identity_helper.exe
3864	msedge.exe
3864	msedge.exe
2552	msedge.exe
2552	msedge.exe
5484	msedge.exe
5484	msedge.exe
5484	msedge.exe
5484	msedge.exe
3956	dnplayer.exe
3956	dnplayer.exe
3956	dnplayer.exe
3956	dnplayer.exe
7096	dnplayer.exe
7096	dnplayer.exe
7096	dnplayer.exe
7096	dnplayer.exe
6368	dnplayer.exe
6368	dnplayer.exe
3288	msedge.exe
3288	msedge.exe
2864	nemu-downloader.exe
2864	nemu-downloader.exe
2864	nemu-downloader.exe
2864	nemu-downloader.exe
2864	nemu-downloader.exe
2864	nemu-downloader.exe
2864	nemu-downloader.exe
2864	nemu-downloader.exe
1580	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
1580	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
1580	MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe

Suspicious behavior: GetForegroundWindowSpam 5 IoCs

Processes:

dnplayer.exeLeoMoon CPU-V.exednplayer.exeLeoMoon CPU-V.exednplayer.exe

pid process

3956 dnplayer.exe
5580 LeoMoon CPU-V.exe
7096 dnplayer.exe
3216 LeoMoon CPU-V.exe
6368 dnplayer.exe
Suspicious behavior: LoadsDriver 20 IoCs

Processes:

pid process

656
656
656
656
656
656
656
656
656
656
656
656
656
656
656
656
656
656
656
656

pid	process
656
656
656
656
656
656
656
656
656
656
656
656
656
656
656
656
656
656
656
656

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

Processes:

msedge.exe

pid	process
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

LDPlayer9_ens_1001_ld.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exeLDPlayer.exe

description	pid	process
Token: SeDebugPrivilege	4972	LDPlayer9_ens_1001_ld.exe
Token: SeShutdownPrivilege	4972	LDPlayer9_ens_1001_ld.exe
Token: SeCreatePagefilePrivilege	4972	LDPlayer9_ens_1001_ld.exe
Token: SeDebugPrivilege	2020	taskkill.exe
Token: SeDebugPrivilege	2920	taskkill.exe
Token: SeDebugPrivilege	4748	taskkill.exe
Token: SeDebugPrivilege	1516	taskkill.exe
Token: SeTakeOwnershipPrivilege	3524	LDPlayer.exe
Token: SeDebugPrivilege	3524	LDPlayer.exe
Token: SeTakeOwnershipPrivilege	3524	LDPlayer.exe
Token: SeDebugPrivilege	3524	LDPlayer.exe
Token: SeTakeOwnershipPrivilege	3524	LDPlayer.exe
Token: SeDebugPrivilege	3524	LDPlayer.exe
Token: SeTakeOwnershipPrivilege	3524	LDPlayer.exe
Token: SeDebugPrivilege	3524	LDPlayer.exe
Token: SeTakeOwnershipPrivilege	3524	LDPlayer.exe
Token: SeDebugPrivilege	3524	LDPlayer.exe
Token: SeTakeOwnershipPrivilege	3524	LDPlayer.exe
Token: SeDebugPrivilege	3524	LDPlayer.exe
Token: SeTakeOwnershipPrivilege	3524	LDPlayer.exe
Token: SeDebugPrivilege	3524	LDPlayer.exe
Token: SeDebugPrivilege	3524	LDPlayer.exe
Token: SeTakeOwnershipPrivilege	3524	LDPlayer.exe
Token: SeDebugPrivilege	3524	LDPlayer.exe
Token: SeDebugPrivilege	3524	LDPlayer.exe
Token: SeDebugPrivilege	3524	LDPlayer.exe
Token: SeDebugPrivilege	3524	LDPlayer.exe
Token: SeDebugPrivilege	3524	LDPlayer.exe
Token: SeDebugPrivilege	3524	LDPlayer.exe
Token: SeDebugPrivilege	3524	LDPlayer.exe
Token: SeDebugPrivilege	3524	LDPlayer.exe
Token: SeDebugPrivilege	3524	LDPlayer.exe
Token: SeDebugPrivilege	3524	LDPlayer.exe
Token: SeDebugPrivilege	3524	LDPlayer.exe
Token: SeDebugPrivilege	3524	LDPlayer.exe
Token: SeDebugPrivilege	3524	LDPlayer.exe
Token: SeDebugPrivilege	3524	LDPlayer.exe
Token: SeDebugPrivilege	3524	LDPlayer.exe
Token: SeDebugPrivilege	3524	LDPlayer.exe
Token: SeDebugPrivilege	3524	LDPlayer.exe
Token: SeDebugPrivilege	3524	LDPlayer.exe
Token: SeDebugPrivilege	3524	LDPlayer.exe
Token: SeDebugPrivilege	3524	LDPlayer.exe
Token: SeDebugPrivilege	3524	LDPlayer.exe
Token: SeDebugPrivilege	3524	LDPlayer.exe
Token: SeDebugPrivilege	3524	LDPlayer.exe
Token: SeDebugPrivilege	3524	LDPlayer.exe
Token: SeDebugPrivilege	3524	LDPlayer.exe
Token: SeDebugPrivilege	3524	LDPlayer.exe
Token: SeDebugPrivilege	3524	LDPlayer.exe
Token: SeDebugPrivilege	3524	LDPlayer.exe
Token: SeDebugPrivilege	3524	LDPlayer.exe
Token: SeDebugPrivilege	3524	LDPlayer.exe
Token: SeDebugPrivilege	3524	LDPlayer.exe
Token: SeDebugPrivilege	3524	LDPlayer.exe
Token: SeDebugPrivilege	3524	LDPlayer.exe
Token: SeDebugPrivilege	3524	LDPlayer.exe
Token: SeDebugPrivilege	3524	LDPlayer.exe
Token: SeDebugPrivilege	3524	LDPlayer.exe
Token: SeDebugPrivilege	3524	LDPlayer.exe
Token: SeDebugPrivilege	3524	LDPlayer.exe
Token: SeDebugPrivilege	3524	LDPlayer.exe
Token: SeDebugPrivilege	3524	LDPlayer.exe
Token: SeDebugPrivilege	3524	LDPlayer.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

dnplayer.exemsedge.exednplayer.exednplayer.exe

pid	process
3956	dnplayer.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
3956	dnplayer.exe
7096	dnplayer.exe
7096	dnplayer.exe
6368	dnplayer.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
6368	dnplayer.exe
4788	msedge.exe

Suspicious use of SendNotifyMessage 18 IoCs

Processes:

dnplayer.exemsedge.exednplayer.exednplayer.exe

pid	process
3956	dnplayer.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
3956	dnplayer.exe
7096	dnplayer.exe
7096	dnplayer.exe
6368	dnplayer.exe
6368	dnplayer.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

LDPlayer9_ens_1001_ld.exeLDPlayer.exednrepairer.exenet.exedism.exe

description	pid	process	target process
PID 4972 wrote to memory of 2020	4972	LDPlayer9_ens_1001_ld.exe	taskkill.exe
PID 4972 wrote to memory of 2020	4972	LDPlayer9_ens_1001_ld.exe	taskkill.exe
PID 4972 wrote to memory of 2020	4972	LDPlayer9_ens_1001_ld.exe	taskkill.exe
PID 4972 wrote to memory of 2920	4972	LDPlayer9_ens_1001_ld.exe	taskkill.exe
PID 4972 wrote to memory of 2920	4972	LDPlayer9_ens_1001_ld.exe	taskkill.exe
PID 4972 wrote to memory of 2920	4972	LDPlayer9_ens_1001_ld.exe	taskkill.exe
PID 4972 wrote to memory of 4748	4972	LDPlayer9_ens_1001_ld.exe	taskkill.exe
PID 4972 wrote to memory of 4748	4972	LDPlayer9_ens_1001_ld.exe	taskkill.exe
PID 4972 wrote to memory of 4748	4972	LDPlayer9_ens_1001_ld.exe	taskkill.exe
PID 4972 wrote to memory of 1516	4972	LDPlayer9_ens_1001_ld.exe	taskkill.exe
PID 4972 wrote to memory of 1516	4972	LDPlayer9_ens_1001_ld.exe	taskkill.exe
PID 4972 wrote to memory of 1516	4972	LDPlayer9_ens_1001_ld.exe	taskkill.exe
PID 4972 wrote to memory of 3524	4972	LDPlayer9_ens_1001_ld.exe	LDPlayer.exe
PID 4972 wrote to memory of 3524	4972	LDPlayer9_ens_1001_ld.exe	LDPlayer.exe
PID 4972 wrote to memory of 3524	4972	LDPlayer9_ens_1001_ld.exe	LDPlayer.exe
PID 3524 wrote to memory of 2056	3524	LDPlayer.exe	dnrepairer.exe
PID 3524 wrote to memory of 2056	3524	LDPlayer.exe	dnrepairer.exe
PID 3524 wrote to memory of 2056	3524	LDPlayer.exe	dnrepairer.exe
PID 2056 wrote to memory of 776	2056	dnrepairer.exe	net.exe
PID 2056 wrote to memory of 776	2056	dnrepairer.exe	net.exe
PID 2056 wrote to memory of 776	2056	dnrepairer.exe	net.exe
PID 776 wrote to memory of 3604	776	net.exe	net1.exe
PID 776 wrote to memory of 3604	776	net.exe	net1.exe
PID 776 wrote to memory of 3604	776	net.exe	net1.exe
PID 2056 wrote to memory of 2400	2056	dnrepairer.exe	regsvr32.exe
PID 2056 wrote to memory of 2400	2056	dnrepairer.exe	regsvr32.exe
PID 2056 wrote to memory of 2400	2056	dnrepairer.exe	regsvr32.exe
PID 2056 wrote to memory of 3456	2056	dnrepairer.exe	regsvr32.exe
PID 2056 wrote to memory of 3456	2056	dnrepairer.exe	regsvr32.exe
PID 2056 wrote to memory of 3456	2056	dnrepairer.exe	regsvr32.exe
PID 2056 wrote to memory of 1180	2056	dnrepairer.exe	regsvr32.exe
PID 2056 wrote to memory of 1180	2056	dnrepairer.exe	regsvr32.exe
PID 2056 wrote to memory of 1180	2056	dnrepairer.exe	regsvr32.exe
PID 2056 wrote to memory of 456	2056	dnrepairer.exe	regsvr32.exe
PID 2056 wrote to memory of 456	2056	dnrepairer.exe	regsvr32.exe
PID 2056 wrote to memory of 456	2056	dnrepairer.exe	regsvr32.exe
PID 2056 wrote to memory of 2596	2056	dnrepairer.exe	regsvr32.exe
PID 2056 wrote to memory of 2596	2056	dnrepairer.exe	regsvr32.exe
PID 2056 wrote to memory of 2596	2056	dnrepairer.exe	regsvr32.exe
PID 2056 wrote to memory of 5000	2056	dnrepairer.exe	regsvr32.exe
PID 2056 wrote to memory of 5000	2056	dnrepairer.exe	regsvr32.exe
PID 2056 wrote to memory of 5000	2056	dnrepairer.exe	regsvr32.exe
PID 2056 wrote to memory of 1580	2056	dnrepairer.exe	regsvr32.exe
PID 2056 wrote to memory of 1580	2056	dnrepairer.exe	regsvr32.exe
PID 2056 wrote to memory of 1580	2056	dnrepairer.exe	regsvr32.exe
PID 2056 wrote to memory of 2472	2056	dnrepairer.exe	takeown.exe
PID 2056 wrote to memory of 2472	2056	dnrepairer.exe	takeown.exe
PID 2056 wrote to memory of 2472	2056	dnrepairer.exe	takeown.exe
PID 2056 wrote to memory of 4608	2056	dnrepairer.exe	icacls.exe
PID 2056 wrote to memory of 4608	2056	dnrepairer.exe	icacls.exe
PID 2056 wrote to memory of 4608	2056	dnrepairer.exe	icacls.exe
PID 2056 wrote to memory of 3184	2056	dnrepairer.exe	takeown.exe
PID 2056 wrote to memory of 3184	2056	dnrepairer.exe	takeown.exe
PID 2056 wrote to memory of 3184	2056	dnrepairer.exe	takeown.exe
PID 2056 wrote to memory of 1568	2056	dnrepairer.exe	icacls.exe
PID 2056 wrote to memory of 1568	2056	dnrepairer.exe	icacls.exe
PID 2056 wrote to memory of 1568	2056	dnrepairer.exe	icacls.exe
PID 2056 wrote to memory of 3428	2056	dnrepairer.exe	dism.exe
PID 2056 wrote to memory of 3428	2056	dnrepairer.exe	dism.exe
PID 2056 wrote to memory of 3428	2056	dnrepairer.exe	dism.exe
PID 3428 wrote to memory of 4264	3428	dism.exe	dismhost.exe
PID 3428 wrote to memory of 4264	3428	dism.exe	dismhost.exe
PID 2056 wrote to memory of 2848	2056	dnrepairer.exe	sc.exe
PID 2056 wrote to memory of 2848	2056	dnrepairer.exe	sc.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ens_1001_ld.exe
"C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ens_1001_ld.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4972

C:\Windows\SysWOW64\taskkill.exe
"taskkill" /F /IM dnplayer.exe /T
2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:2020

C:\Windows\SysWOW64\taskkill.exe
"taskkill" /F /IM dnmultiplayer.exe /T
2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:2920

C:\Windows\SysWOW64\taskkill.exe
"taskkill" /F /IM dnmultiplayerex.exe /T
2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:4748

C:\Windows\SysWOW64\taskkill.exe
"taskkill" /F /IM bugreport.exe /T
2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:1516

C:\LDPlayer\LDPlayer9\LDPlayer.exe
"C:\LDPlayer\LDPlayer9\\LDPlayer.exe" -silence -downloader -openid=1001 -language=en -path="C:\LDPlayer\LDPlayer9\"
2⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3524

C:\LDPlayer\LDPlayer9\dnrepairer.exe
"C:\LDPlayer\LDPlayer9\dnrepairer.exe" listener=1376298
3⤵
- Drops file in Program Files directory
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2056

C:\Windows\SysWOW64\net.exe
"net" start cryptsvc
4⤵
- Suspicious use of WriteProcessMemory
PID:776

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 start cryptsvc
5⤵
PID:3604

C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" Softpub.dll /s
4⤵
- Manipulates Digital Signatures
PID:2400

C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" Wintrust.dll /s
4⤵
- Manipulates Digital Signatures
PID:3456

C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" Initpki.dll /s
4⤵
PID:1180

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32" Initpki.dll /s
4⤵
PID:456

C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" dssenh.dll /s
4⤵
PID:2596

C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" rsaenh.dll /s
4⤵
PID:5000

C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" cryptdlg.dll /s
4⤵
- Manipulates Digital Signatures
PID:1580

C:\Windows\SysWOW64\takeown.exe
"takeown" /f "C:\LDPlayer\LDPlayer9\vms" /r /d y
4⤵
- Possible privilege escalation attempt
- Modifies file permissions
PID:2472

C:\Windows\SysWOW64\icacls.exe
"icacls" "C:\LDPlayer\LDPlayer9\vms" /grant everyone:F /t
4⤵
- Possible privilege escalation attempt
- Modifies file permissions
PID:4608

C:\Windows\SysWOW64\takeown.exe
"takeown" /f "C:\LDPlayer\LDPlayer9\\system.vmdk"
4⤵
- Possible privilege escalation attempt
- Modifies file permissions
PID:3184

C:\Windows\SysWOW64\icacls.exe
"icacls" "C:\LDPlayer\LDPlayer9\\system.vmdk" /grant everyone:F /t
4⤵
- Possible privilege escalation attempt
- Modifies file permissions
PID:1568

C:\Windows\SysWOW64\dism.exe
C:\Windows\system32\dism.exe /Online /English /Get-Features
4⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3428

C:\Users\Admin\AppData\Local\Temp\50A06AD6-C513-4F5D-83CC-00CEF1B39F45\dismhost.exe
C:\Users\Admin\AppData\Local\Temp\50A06AD6-C513-4F5D-83CC-00CEF1B39F45\dismhost.exe {E8686B18-58E3-48D8-86F3-ED7D681714DE}
5⤵
- Drops file in Windows directory
- Executes dropped EXE
- Loads dropped DLL
PID:4264

C:\Windows\SysWOW64\sc.exe
sc query HvHost
4⤵
- Launches sc.exe
PID:2848

C:\Windows\SysWOW64\sc.exe
sc query vmms
4⤵
- Launches sc.exe
PID:1008

C:\Windows\SysWOW64\sc.exe
sc query vmcompute
4⤵
- Launches sc.exe
PID:3084

C:\Program Files\ldplayer9box\Ld9BoxSVC.exe
"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" /RegServer
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2020

C:\Windows\SYSTEM32\regsvr32.exe
"regsvr32" "C:\Program Files\ldplayer9box\VBoxC.dll" /s
4⤵
- Loads dropped DLL
PID:4556

C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxClient-x86.dll" /s
4⤵
- Loads dropped DLL
PID:568

C:\Windows\SYSTEM32\regsvr32.exe
"regsvr32" "C:\Program Files\ldplayer9box\VBoxProxyStub.dll" /s
4⤵
- Loads dropped DLL
- Modifies registry class
PID:3492

C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxProxyStub-x86.dll" /s
4⤵
- Modifies registry class
PID:3716

C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc" create Ld9BoxSup binPath= "C:\Program Files\ldplayer9box\Ld9BoxSup.sys" type= kernel start= auto
4⤵
- Launches sc.exe
PID:1756

C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc" start Ld9BoxSup
4⤵
- Launches sc.exe
PID:4596

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxSup" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe' -RemoteAddress LocalSubnet -Action Allow
4⤵
- Suspicious behavior: EnumeratesProcesses
PID:644

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxNat" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\VBoxNetNAT.exe' -RemoteAddress LocalSubnet -Action Allow
4⤵
- Suspicious behavior: EnumeratesProcesses
PID:2660

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" New-NetFirewallRule -DisplayName "dnplayer" -Direction Inbound -Program 'C:\LDPlayer\LDPlayer9\dnplayer.exe' -RemoteAddress LocalSubnet -Action Allow
4⤵
- Suspicious behavior: EnumeratesProcesses
PID:2976

C:\LDPlayer\LDPlayer9\driverconfig.exe
"C:\LDPlayer\LDPlayer9\driverconfig.exe"
3⤵
- Executes dropped EXE
PID:708

C:\Windows\SysWOW64\takeown.exe
"takeown" /f C:\LDPlayer\ldmutiplayer\ /r /d y
3⤵
- Possible privilege escalation attempt
- Modifies file permissions
PID:2128

C:\Windows\SysWOW64\icacls.exe
"icacls" C:\LDPlayer\ldmutiplayer\ /grant everyone:F /t
3⤵
- Possible privilege escalation attempt
- Modifies file permissions
PID:3952

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/4bUcwDd53d
2⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4788

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff953c23cb8,0x7ff953c23cc8,0x7ff953c23cd8
3⤵
PID:4416

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2020 /prefetch:2
3⤵
PID:2760

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 /prefetch:3
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:4652

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2564 /prefetch:8
3⤵
PID:424

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
3⤵
PID:1064

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
3⤵
PID:2600

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1
3⤵
PID:4188

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3912 /prefetch:8
3⤵
PID:2004

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3956 /prefetch:8
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:2336

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3984 /prefetch:1
3⤵
PID:2592

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1
3⤵
PID:2304

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5772 /prefetch:8
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:2436

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3796 /prefetch:1
3⤵
PID:1812

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
3⤵
PID:1208

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 /prefetch:8
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:3864

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1
3⤵
PID:3428

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
3⤵
PID:3588

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
3⤵
PID:2136

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6352 /prefetch:1
3⤵
PID:2160

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6584 /prefetch:1
3⤵
PID:4004

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6772 /prefetch:1
3⤵
PID:5140

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7144 /prefetch:1
3⤵
PID:5340

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6560 /prefetch:1
3⤵
PID:5564

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6792 /prefetch:1
3⤵
PID:5708

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7016 /prefetch:1
3⤵
PID:5756

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7440 /prefetch:1
3⤵
PID:5768

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7692 /prefetch:1
3⤵
PID:5980

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8080 /prefetch:1
3⤵
PID:2864

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6816 /prefetch:1
3⤵
PID:5240

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7004 /prefetch:1
3⤵
PID:5556

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8460 /prefetch:1
3⤵
PID:5692

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7876 /prefetch:1
3⤵
PID:6000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8024 /prefetch:1
3⤵
PID:5264

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8308 /prefetch:1
3⤵
PID:3780

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8472 /prefetch:1
3⤵
PID:4848

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9212 /prefetch:1
3⤵
PID:680

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8708 /prefetch:1
3⤵
PID:1216

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9252 /prefetch:8
3⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:2552

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6236 /prefetch:1
3⤵
PID:5248

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9796 /prefetch:1
3⤵
PID:3932

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1020 /prefetch:1
3⤵
PID:1296

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=9312 /prefetch:2
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:5484

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10416 /prefetch:1
3⤵
PID:6692

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10372 /prefetch:1
3⤵
PID:6884

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:1
3⤵
PID:5484

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7608 /prefetch:1
3⤵
PID:6860

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9948 /prefetch:1
3⤵
PID:2476

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
3⤵
PID:7032

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10056 /prefetch:1
3⤵
PID:3552

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9948 /prefetch:1
3⤵
PID:3280

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
3⤵
PID:5948

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3036 /prefetch:1
3⤵
PID:1592

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10196 /prefetch:1
3⤵
PID:2728

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1948 /prefetch:1
3⤵
PID:5268

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9312 /prefetch:1
3⤵
PID:7132

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11172 /prefetch:1
3⤵
PID:6168

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8012 /prefetch:1
3⤵
PID:5576

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9984 /prefetch:1
3⤵
PID:1644

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9932 /prefetch:1
3⤵
PID:668

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11324 /prefetch:1
3⤵
PID:4844

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11332 /prefetch:1
3⤵
PID:4728

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11828 /prefetch:1
3⤵
PID:5192

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12152 /prefetch:1
3⤵
PID:880

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12272 /prefetch:1
3⤵
PID:6956

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12268 /prefetch:1
3⤵
PID:7088

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12980 /prefetch:1
3⤵
PID:3532

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10576 /prefetch:1
3⤵
PID:4312

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12952 /prefetch:1
3⤵
PID:2984

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=13076 /prefetch:8
3⤵
PID:4584

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12920 /prefetch:1
3⤵
PID:6272

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9064 /prefetch:1
3⤵
PID:2056

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10956 /prefetch:1
3⤵
PID:4656

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11864 /prefetch:1
3⤵
PID:6804

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10532 /prefetch:1
3⤵
PID:896

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12620 /prefetch:1
3⤵
PID:1604

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=12732 /prefetch:8
3⤵
PID:4348

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13284 /prefetch:1
3⤵
PID:6192

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13476 /prefetch:1
3⤵
PID:5552

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13568 /prefetch:1
3⤵
PID:2660

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13700 /prefetch:1
3⤵
PID:5436

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11780 /prefetch:1
3⤵
PID:4620

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
3⤵
PID:6824

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
3⤵
PID:6056

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13240 /prefetch:1
3⤵
PID:6028

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12208 /prefetch:1
3⤵
PID:6188

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13412 /prefetch:1
3⤵
PID:3484

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
3⤵
PID:2920

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12884 /prefetch:1
3⤵
PID:6920

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12520 /prefetch:1
3⤵
PID:5864

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8528 /prefetch:1
3⤵
PID:6492

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12484 /prefetch:1
3⤵
PID:5884

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12952 /prefetch:1
3⤵
PID:5844

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
3⤵
PID:7060

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11080 /prefetch:1
3⤵
PID:5480

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
3⤵
PID:4748

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11332 /prefetch:1
3⤵
PID:5696

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12156 /prefetch:1
3⤵
PID:2844

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11424 /prefetch:1
3⤵
PID:4080

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12324 /prefetch:1
3⤵
PID:5456

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=104 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6332 /prefetch:1
3⤵
PID:6004

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=13160 /prefetch:8
3⤵
PID:4860

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=106 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12160 /prefetch:1
3⤵
PID:4808

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=107 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11752 /prefetch:1
3⤵
PID:1212

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=108 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13060 /prefetch:1
3⤵
PID:6040

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=109 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6632 /prefetch:1
3⤵
PID:5196

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=111 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12228 /prefetch:1
3⤵
PID:2232

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=112 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11696 /prefetch:1
3⤵
PID:3136

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=113 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7808 /prefetch:1
3⤵
PID:6768

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=114 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12692 /prefetch:1
3⤵
PID:2884

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=116 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
3⤵
PID:5616

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=12576 /prefetch:8
3⤵
PID:6396

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8096 /prefetch:8
3⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:3288

C:\Users\Admin\Downloads\MuMuInstaller_3.1.7.0_gw-overseas12_all_1712735105.exe
"C:\Users\Admin\Downloads\MuMuInstaller_3.1.7.0_gw-overseas12_all_1712735105.exe"
3⤵
- Executes dropped EXE
PID:5220

C:\Users\Admin\AppData\Local\Temp\7z4761F464\nemu-downloader.exe
C:\Users\Admin\AppData\Local\Temp\7z4761F464\nemu-downloader.exe
4⤵
- Enumerates connected drives
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:2864

C:\Users\Admin\AppData\Local\Temp\7z4761F464\ColaBoxChecker.exe
"C:\Users\Admin\AppData\Local\Temp\7z4761F464\ColaBoxChecker.exe" checker /baseboard
5⤵
- Executes dropped EXE
PID:900

C:\Users\Admin\AppData\Local\Temp\7z4761F464\HyperVChecker.exe
"C:\Users\Admin\AppData\Local\Temp\7z4761F464\HyperVChecker.exe"
5⤵
- Executes dropped EXE
PID:3684

C:\Users\Admin\AppData\Local\Temp\7z4761F464\HyperVChecker.exe
"C:\Users\Admin\AppData\Local\Temp\7z4761F464\HyperVChecker.exe"
5⤵
- Executes dropped EXE
PID:6856

C:\Users\Admin\AppData\Local\Temp\7z4761F464\HyperVChecker.exe
"C:\Users\Admin\AppData\Local\Temp\7z4761F464\HyperVChecker.exe"
5⤵
- Executes dropped EXE
PID:5820

C:\Users\Admin\AppData\Local\Temp\7z4761F464\MuMuDownloader.exe
"C:\Users\Admin\AppData\Local\Temp\7z4761F464\MuMuDownloader.exe" --log="C:\Users\Admin\AppData\Local\Temp\nemu-downloader-aria.log" --log-level=notice --check-certificate=false --enable-rpc=true --rpc-listen-port=57536 --continue --max-concurrent-downloads=10 --max-connection-per-server=5 --async-dns=false --file-allocation=prealloc --enable-mmap=true --connect-timeout=5 --rpc-max-request-size=1024M --stop-with-process=2864
5⤵
- Executes dropped EXE
PID:6652

C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
"C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe" /S /auto_start=false /fchannel=gw-overseas12 /D=F:\Program Files\Netease\MuMuPlayerGlobal-12.0
5⤵
- Drops file in Program Files directory
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:1580

C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc.exe" query MuMuVMMDrv
6⤵
- Launches sc.exe
PID:10088

C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMSVC.exe
"C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMSVC.exe" /UnregServer
6⤵
- Executes dropped EXE
PID:8280

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /u /s "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMC.dll"
6⤵
PID:8420

C:\Windows\system32\regsvr32.exe
/u /s "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMC.dll"
7⤵
PID:8632

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /u /s "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMProxyStub.dll"
6⤵
PID:8604

C:\Windows\system32\regsvr32.exe
/u /s "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMProxyStub.dll"
7⤵
- Modifies registry class
PID:8592

C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMSVC.exe
"C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMSVC.exe" /RegServer
6⤵
PID:9020

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMC.dll"
6⤵
PID:8968

C:\Windows\system32\regsvr32.exe
/s "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMC.dll"
7⤵
PID:8316

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMProxyStub.dll"
6⤵
PID:10212

C:\Windows\system32\regsvr32.exe
/s "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMProxyStub.dll"
7⤵
PID:9044

C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe
"C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe"
6⤵
PID:9096

C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe
"C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe"
6⤵
PID:8888

C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc.exe" query MuMuVMMDrv
6⤵
- Launches sc.exe
PID:9464

C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPInstall.exe
"C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPInstall.exe"
6⤵
PID:10152

C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc.exe" query MuMuVMMDrv
6⤵
- Launches sc.exe
PID:9988

C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc.exe" create MuMuVMMDrv binPath= "C:\Program Files\MuMuVMMVbox\LoadedDrivers\MuMuVMMDrv.sys" type= kernel start= auto
6⤵
- Launches sc.exe
PID:9300

C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc.exe" create MuMuVMMDrv binPath= "C:\Program Files\MuMuVMMVbox\LoadedDrivers\MuMuVMMDrv.sys" type= kernel start= auto
6⤵
- Launches sc.exe
PID:9568

C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc.exe" query MuMuVMMDrv
6⤵
- Launches sc.exe
PID:6088

C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc.exe" start MuMuVMMDrv
6⤵
- Launches sc.exe
PID:5612

C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc.exe" start MuMuVMMDrv
6⤵
- Launches sc.exe
PID:5524

C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc.exe" query MuMuVMMDrv
6⤵
- Launches sc.exe
PID:2128

C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc.exe" query MuMuVMMDrv
6⤵
- Launches sc.exe
PID:4160

C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc.exe" query MuMuVMMDrv
6⤵
- Launches sc.exe
PID:7200

C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc.exe" query MuMuVMMDrv
6⤵
- Launches sc.exe
PID:7260

C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc.exe" query MuMuVMMDrv
6⤵
- Launches sc.exe
PID:7424

C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc.exe" query MuMuVMMDrv
6⤵
- Launches sc.exe
PID:6176

C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe
"C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe"
6⤵
PID:9860

C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe
"C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe"
6⤵
PID:5128

C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc.exe" query MuMuVMMDrv
6⤵
- Launches sc.exe
PID:5528

C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMSVC.exe
"C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMSVC.exe" /UnregServer
6⤵
PID:10012

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /u /s "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMC.dll"
6⤵
PID:8632

C:\Windows\system32\regsvr32.exe
/u /s "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMC.dll"
7⤵
PID:10048

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /u /s "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMProxyStub.dll"
6⤵
PID:6048

C:\Windows\system32\regsvr32.exe
/u /s "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMProxyStub.dll"
7⤵
PID:8440

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c "comregister.cmd -u"
6⤵
PID:7572

C:\Windows\SysWOW64\net.exe
NET FILE
7⤵
PID:8608

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 FILE
8⤵
PID:8560

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c cd
7⤵
PID:8592

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c cd
7⤵
PID:8992

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ver
7⤵
PID:8836

C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMSVC.exe
"C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMSVC.exe" /UnregServer
7⤵
PID:8976

C:\Windows\SysWOW64\regsvr32.exe
C:\Windows\system32\regsvr32 /s /u "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMC.dll"
7⤵
PID:8968

C:\Windows\system32\regsvr32.exe
/s /u "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMC.dll"
8⤵
PID:8316

C:\Windows\SysWOW64\regsvr32.exe
C:\Windows\syswow64\regsvr32 /s /u "C:\Program Files\MuMuVMMVbox\Hypervisor\x86\MuMuVMMClient-x86.dll"
7⤵
PID:8740

C:\Windows\SysWOW64\regsvr32.exe
C:\Windows\system32\regsvr32 /s /u "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMProxyStub.dll"
7⤵
PID:9260

C:\Windows\system32\regsvr32.exe
/s /u "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMProxyStub.dll"
8⤵
PID:8776

C:\Windows\SysWOW64\regsvr32.exe
C:\Windows\syswow64\regsvr32 /s /u "C:\Program Files\MuMuVMMVbox\Hypervisor\x86\MuMuVMMProxyStub-x86.dll"
7⤵
PID:9168

C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe
"C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe"
6⤵
PID:10060

C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe
"C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe"
6⤵
PID:8344

C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc.exe" query MuMuVMMDrv
6⤵
- Launches sc.exe
PID:9124

C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe
"C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.18.2845-overseas-0417125205.exe" /S /auto_start=false /fchannel=gw-overseas12 /D=F:\Program Files\Netease\MuMuPlayerGlobal-12.0
5⤵
PID:9400

C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc.exe" query MuMuVMMDrv
6⤵
- Launches sc.exe
PID:8908

C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMSVC.exe
"C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMSVC.exe" /UnregServer
6⤵
PID:6704

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /u /s "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMC.dll"
6⤵
PID:3340

C:\Windows\system32\regsvr32.exe
/u /s "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMC.dll"
7⤵
PID:7048

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /u /s "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMProxyStub.dll"
6⤵
PID:5392

C:\Windows\system32\regsvr32.exe
/u /s "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMProxyStub.dll"
7⤵
PID:5468

C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMSVC.exe
"C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMSVC.exe" /RegServer
6⤵
PID:6752

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMC.dll"
6⤵
PID:5052

C:\Windows\system32\regsvr32.exe
/s "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMC.dll"
7⤵
PID:2292

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMProxyStub.dll"
6⤵
PID:6356

C:\Windows\system32\regsvr32.exe
/s "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMProxyStub.dll"
7⤵
PID:1920

C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe
"C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe"
6⤵
PID:5040

C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe
"C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe"
6⤵
PID:5264

C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc.exe" query MuMuVMMDrv
6⤵
- Launches sc.exe
PID:7720

C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPInstall.exe
"C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPInstall.exe"
6⤵
PID:7836

C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc.exe" query MuMuVMMDrv
6⤵
- Launches sc.exe
PID:7936

C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc.exe" create MuMuVMMDrv binPath= "C:\Program Files\MuMuVMMVbox\LoadedDrivers\MuMuVMMDrv.sys" type= kernel start= auto
6⤵
- Launches sc.exe
PID:7816

C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc.exe" create MuMuVMMDrv binPath= "C:\Program Files\MuMuVMMVbox\LoadedDrivers\MuMuVMMDrv.sys" type= kernel start= auto
6⤵
- Launches sc.exe
PID:8076

C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc.exe" query MuMuVMMDrv
6⤵
- Launches sc.exe
PID:8132

C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc.exe" start MuMuVMMDrv
6⤵
- Launches sc.exe
PID:8232

C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc.exe" start MuMuVMMDrv
6⤵
- Launches sc.exe
PID:8276

C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc.exe" query MuMuVMMDrv
6⤵
- Launches sc.exe
PID:9176

C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc.exe" query MuMuVMMDrv
6⤵
- Launches sc.exe
PID:5420

C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc.exe" query MuMuVMMDrv
6⤵
- Launches sc.exe
PID:8912

C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc.exe" query MuMuVMMDrv
6⤵
- Launches sc.exe
PID:7504

C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc.exe" query MuMuVMMDrv
6⤵
- Launches sc.exe
PID:8820

C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc.exe" query MuMuVMMDrv
6⤵
- Launches sc.exe
PID:8412

C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe
"C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe"
6⤵
PID:6900

C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe
"C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe"
6⤵
PID:9800

C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc.exe" query MuMuVMMDrv
6⤵
- Launches sc.exe
PID:8524

C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMSVC.exe
"C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMSVC.exe" /UnregServer
6⤵
PID:2756

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /u /s "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMC.dll"
6⤵
PID:2508

C:\Windows\system32\regsvr32.exe
/u /s "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMC.dll"
7⤵
PID:5156

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /u /s "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMProxyStub.dll"
6⤵
PID:7212

C:\Windows\system32\regsvr32.exe
/u /s "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMProxyStub.dll"
7⤵
PID:7320

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c "comregister.cmd -u"
6⤵
PID:1052

C:\Windows\SysWOW64\net.exe
NET FILE
7⤵
PID:6404

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 FILE
8⤵
PID:8348

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c cd
7⤵
PID:1604

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c cd
7⤵
PID:5168

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ver
7⤵
PID:11064

C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMSVC.exe
"C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMSVC.exe" /UnregServer
7⤵
PID:11104

C:\Windows\SysWOW64\regsvr32.exe
C:\Windows\system32\regsvr32 /s /u "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMC.dll"
7⤵
PID:11184

C:\Windows\system32\regsvr32.exe
/s /u "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMC.dll"
8⤵
PID:11208

C:\Windows\SysWOW64\regsvr32.exe
C:\Windows\syswow64\regsvr32 /s /u "C:\Program Files\MuMuVMMVbox\Hypervisor\x86\MuMuVMMClient-x86.dll"
7⤵
PID:8980

C:\Windows\SysWOW64\regsvr32.exe
C:\Windows\system32\regsvr32 /s /u "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMProxyStub.dll"
7⤵
PID:9584

C:\Windows\system32\regsvr32.exe
/s /u "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMProxyStub.dll"
8⤵
PID:10656

C:\Windows\SysWOW64\regsvr32.exe
C:\Windows\syswow64\regsvr32 /s /u "C:\Program Files\MuMuVMMVbox\Hypervisor\x86\MuMuVMMProxyStub-x86.dll"
7⤵
PID:6528

C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe
"C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe"
6⤵
PID:2016

C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe
"C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe"
6⤵
PID:6676

C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc.exe" query MuMuVMMDrv
6⤵
- Launches sc.exe
PID:6544

C:\Users\Admin\AppData\Local\Temp\7z4761F464\7z.exe
"C:\Users\Admin\AppData\Local\Temp\7z4761F464\7z.exe" a -tzip "C:\Users\Admin\AppData\Local\Temp\nemux.zip" "C:\Users\Admin\AppData\Local\Temp\nemux"
5⤵
PID:6816

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=119 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
3⤵
PID:748

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=120 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1556 /prefetch:1
3⤵
PID:8820

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=121 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11932 /prefetch:1
3⤵
PID:8872

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=123 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1552 /prefetch:1
3⤵
PID:112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=124 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1264 /prefetch:1
3⤵
PID:2616

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=125 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12724 /prefetch:1
3⤵
PID:5048

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=127 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12832 /prefetch:1
3⤵
PID:7884

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=126 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
3⤵
PID:7812

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=128 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
3⤵
PID:8436

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=129 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11140 /prefetch:1
3⤵
PID:5848

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=130 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4056 /prefetch:1
3⤵
PID:5308

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=131 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
3⤵
PID:2728

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=132 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11992 /prefetch:1
3⤵
PID:4244

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=133 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7572 /prefetch:1
3⤵
PID:6868

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=134 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
3⤵
PID:5532

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=135 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11352 /prefetch:1
3⤵
PID:6496

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=136 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
3⤵
PID:7600

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=137 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10520 /prefetch:1
3⤵
PID:7644

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=138 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14092 /prefetch:1
3⤵
PID:7696

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=139 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14208 /prefetch:1
3⤵
PID:7632

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=140 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14216 /prefetch:1
3⤵
PID:7164

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=141 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14240 /prefetch:1
3⤵
PID:7652

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=142 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12744 /prefetch:1
3⤵
PID:10300

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=143 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11920 /prefetch:1
3⤵
PID:4692

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=144 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9932 /prefetch:1
3⤵
PID:7036

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=145 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6624 /prefetch:1
3⤵
PID:6672

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=146 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7848 /prefetch:1
3⤵
PID:1988

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=147 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10112 /prefetch:1
3⤵
PID:7032

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=148 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12244 /prefetch:1
3⤵
PID:6188

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=149 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9560 /prefetch:1
3⤵
PID:4188

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=150 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12744 /prefetch:1
3⤵
PID:6676

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=151 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10696 /prefetch:1
3⤵
PID:11076

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=152 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7896 /prefetch:1
3⤵
PID:9844

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=153 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13824 /prefetch:1
3⤵
PID:10572

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=154 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10984 /prefetch:1
3⤵
PID:6296

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=155 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9816 /prefetch:1
3⤵
PID:10740

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=156 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8104 /prefetch:1
3⤵
PID:6524

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=157 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11352 /prefetch:1
3⤵
PID:10764

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=158 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6716 /prefetch:1
3⤵
PID:6420

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13790807757293351065,8078108522978109196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=159 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8948 /prefetch:1
3⤵
PID:10788

C:\LDPlayer\LDPlayer9\dnplayer.exe
"C:\LDPlayer\LDPlayer9\\dnplayer.exe"
2⤵
- Executes dropped EXE
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3956

C:\Windows\SysWOW64\sc.exe
sc query HvHost
3⤵
- Launches sc.exe
PID:2672

C:\Windows\SysWOW64\sc.exe
sc query vmms
3⤵
- Launches sc.exe
PID:4684

C:\Windows\SysWOW64\sc.exe
sc query vmcompute
3⤵
- Launches sc.exe
PID:2876

C:\Program Files\ldplayer9box\vbox-img.exe
"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\..\system.vmdk" --uuid 20160302-bbbb-bbbb-0eee-bbbb00000000
3⤵
- Executes dropped EXE
PID:2512

C:\Program Files\ldplayer9box\vbox-img.exe
"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\leidian0\data.vmdk" --uuid 20160302-cccc-cccc-0eee-000000000000
3⤵
- Executes dropped EXE
PID:4488

C:\Program Files\ldplayer9box\vbox-img.exe
"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk" --uuid 20160302-dddd-dddd-0eee-000000000000
3⤵
- Executes dropped EXE
PID:2240

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.ldplayer.net/blog/how-to-enable-vt.html
3⤵
PID:1824

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff953c23cb8,0x7ff953c23cc8,0x7ff953c23cd8
4⤵
PID:3108

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.ldplayer.net/blog/how-to-enable-vt.html
3⤵
PID:5108

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff953c23cb8,0x7ff953c23cc8,0x7ff953c23cd8
4⤵
PID:6100

C:\LDPlayer\LDPlayer9\dnplayer.exe
"C:\LDPlayer\LDPlayer9\dnplayer.exe" index=0|
3⤵
- Executes dropped EXE
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:7096

C:\Windows\SysWOW64\sc.exe
sc query HvHost
4⤵
- Launches sc.exe
PID:4812

C:\Windows\SysWOW64\sc.exe
sc query vmms
4⤵
- Launches sc.exe
PID:6280

C:\Windows\SysWOW64\sc.exe
sc query vmcompute
4⤵
- Launches sc.exe
PID:6332

C:\LDPlayer\LDPlayer9\dnplayer.exe
"C:\LDPlayer\LDPlayer9\dnplayer.exe" index=0|
4⤵
- Executes dropped EXE
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:6368

C:\Windows\SysWOW64\sc.exe
sc query HvHost
5⤵
- Launches sc.exe
PID:6804

C:\Windows\SysWOW64\sc.exe
sc query vmms
5⤵
- Launches sc.exe
PID:3500

C:\Windows\SysWOW64\sc.exe
sc query vmcompute
5⤵
- Launches sc.exe
PID:6856

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004C8 0x00000000000004E4
1⤵
PID:4572

C:\Program Files\ldplayer9box\Ld9BoxSVC.exe
"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" -Embedding
1⤵
- Executes dropped EXE
- Modifies registry class
PID:3960

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
2⤵
- Executes dropped EXE
PID:3020

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
2⤵
- Executes dropped EXE
PID:2868

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
2⤵
- Executes dropped EXE
PID:1484

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
2⤵
- Executes dropped EXE
PID:2592

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
2⤵
- Executes dropped EXE
PID:456

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1492

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1840

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:484

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3136

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5736

C:\Users\Admin\AppData\Local\Temp\Temp1_leomoon-dot-com_leomoon-cpu-v_win.zip\LeoMoon CPU-V.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_leomoon-dot-com_leomoon-cpu-v_win.zip\LeoMoon CPU-V.exe"
1⤵
- Drops file in System32 directory
- Suspicious behavior: GetForegroundWindowSpam
PID:5580

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4352

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4456

C:\Program Files\ldplayer9box\Ld9BoxSVC.exe
"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" -Embedding
1⤵
- Executes dropped EXE
- Modifies registry class
PID:6152

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
2⤵
- Executes dropped EXE
PID:6572

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
2⤵
- Executes dropped EXE
PID:6640

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
2⤵
- Executes dropped EXE
PID:1760

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
2⤵
- Executes dropped EXE
PID:6788

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
2⤵
- Executes dropped EXE
PID:6860

C:\Users\Admin\AppData\Local\Temp\Temp1_leomoon-dot-com_leomoon-cpu-v_win.zip\LeoMoon CPU-V.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_leomoon-dot-com_leomoon-cpu-v_win.zip\LeoMoon CPU-V.exe"
1⤵
- Drops file in System32 directory
- Suspicious behavior: GetForegroundWindowSpam
PID:3216

C:\Program Files\ldplayer9box\Ld9BoxSVC.exe
"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" -Embedding
1⤵
- Executes dropped EXE
- Modifies registry class
PID:6976

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
2⤵
- Executes dropped EXE
PID:6696

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
2⤵
- Executes dropped EXE
PID:7016

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
2⤵
- Executes dropped EXE
PID:5724

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
2⤵
- Executes dropped EXE
PID:2532

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
2⤵
- Executes dropped EXE
PID:2140

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:1088

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6416

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1284

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6280

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6392

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2840

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5376

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5984

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

System Services

T1569

Service Execution

T1569.002

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

File and Directory Permissions Modification

T1222

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\LDPlayer\LDPlayer9\MSVCP120.dll
Filesize
444KB

MD5
50260b0f19aaa7e37c4082fecef8ff41

SHA1
ce672489b29baa7119881497ed5044b21ad8fe30

SHA256
891603d569fc6f1afed7c7d935b0a3c7363c35a0eb4a76c9e57ef083955bc2c9

SHA512
6f99d39bfe9d4126417ff65571c78c279d75fc9547ee767a594620c0c6f45f4bb42fd0c5173d9bc91a68a0636205a637d5d1c7847bd5f8ce57e120d210b0c57d

Download Submit
C:\LDPlayer\LDPlayer9\crashreport.dll
Filesize
51KB

MD5
19dae6362eb73913f7947f719be52516

SHA1
e157307ae8e87c9a6f31bc62ecdf32d70f8648d9

SHA256
ae0eba69019294d03e11d68fea0ee72e77bfe156803f1b83bc8566a0a4d3584d

SHA512
f5eb5771eb03f7f2067e32573397814ff3ef54dc7fae0abadad6bfdcafef6a4a5bf6f3ab9874c0530cb70cb995f6716ca8fa1cba175ed5a1d298c700f6e59ad2

Download Submit
C:\LDPlayer\LDPlayer9\device.ini
Filesize
91B

MD5
dba7fefc48f3b90350effad166abf887

SHA1
263d9ceb08d10685ff4222d7c89cb563d2c411f8

SHA256
02cf1d1f11940dcc79c52917a12f52f3a0b3aa3a381ce86d86d3a15c50ac5292

SHA512
34789e652fc0155e6d18e779d57fdea51c4fc439f96313e0d5290558402d4171d8f8abdcca31d01eb5d50b0bedbaa68b0f70d47df8a4ab714a4f40e6c5a1d2ab

Download Submit
C:\LDPlayer\LDPlayer9\dnmultiplayer.exe
Filesize
1.2MB

MD5
330013a714c5dc0c561301adcccd8bc8

SHA1
030b1d6ac68e64dec5cbb82a75938c6ce5588466

SHA256
c22a57cd1b0bdba47652f5457c53a975b2e27daa3955f5ef4e3eaee9cf8d127a

SHA512
6afb7e55a09c9aac370dff52755b117ad16b4fc6973665fce266ea3a7934edfb65f821f4f27f01f4059adb0cf54cc3a97d5ff4038dc005f51ecee626fd5fadd1

Download Submit
C:\LDPlayer\LDPlayer9\dnplayer.exe
Filesize
3.6MB

MD5
2061141f3c490b5b441eff06e816a6c2

SHA1
d24166db06398c6e897ff662730d3d83391fdaaa

SHA256
2f1e555c3cb142b77bd72209637f9d5c068d960cad52100506ace6431d5e4bb0

SHA512
6b6e791d615a644af9e3d8b31a750c4679e18ef094fea8cd1434473af895b67f8c45a7658bfedfa30cc54377b02f7ee8715e11ee376ed7b95ded9d82ddbd3ccc

Download Submit
C:\LDPlayer\LDPlayer9\dnrepairer.exe
Filesize
41.9MB

MD5
4def56a3500d5a4dec3ff797a88c5751

SHA1
1a53c9c6f3d1e27ac8532e09f87990505c8090de

SHA256
c09b51bdc9039b976a55eb8dc7c517d65d8d5f6eadda92d2de27ceee7845b0e4

SHA512
a96322ca61f45875bfdb7b514ce1a95bbc1faba3fc0b7bc7c0af3f05d68c14e47fddff64e595f6bf053df7e1efad3e5f9e33f3bc2e09501c3c20de62864ae1d8

Download Submit
C:\LDPlayer\LDPlayer9\dnresource.rcc
Filesize
5.0MB

MD5
d4d2fd2ce9c5017b32fc054857227592

SHA1
7ee3b1127c892118cc98fb67b1d8a01748ca52d5

SHA256
c4b7144dd50f68ca531568cafb6bb37bf54c5b078fbac6847afa9c3b34b5f185

SHA512
d2f983dde93099f617dd63b37b8a1039166aaf852819df052a9d82a8407eb299dac22b4ffe8cab48331e695bf01b545eb728bec5d793aeb0045b70ea9ceab918

Download Submit
C:\LDPlayer\LDPlayer9\fonts\NotoSans-Regular.otf
Filesize
17.4MB

MD5
93b877811441a5ae311762a7cb6fb1e1

SHA1
339e033fd4fbb131c2d9b964354c68cd2cf18bd1

SHA256
b3899a2bb84ce5e0d61cc55c49df2d29ba90d301b71a84e8c648416ec96efc8b

SHA512
7f053cec61fbddae0184d858c3ef3e8bf298b4417d25b84ac1fc888c052eca252b24f7abfff7783442a1b80cc9fc2ce777dda323991cc4dc79039f4c17e21df4

Download Submit
C:\LDPlayer\LDPlayer9\fonts\Roboto-Regular.otf
Filesize
103KB

MD5
4acd5f0e312730f1d8b8805f3699c184

SHA1
67c957e102bf2b2a86c5708257bc32f91c006739

SHA256
72336333d602f1c3506e642e0d0393926c0ec91225bf2e4d216fcebd82bb6cb5

SHA512
9982c1c53cee1b44fd0c3df6806b8cbf6b441d3ed97aeb466dba568adce1144373ce7833d8f44ac3fa58d01d8cdb7e8621b4bb125c4d02092c355444651a4837

Download Submit
C:\LDPlayer\LDPlayer9\ldmutiplayer\7za.exe
Filesize
652KB

MD5
ad9d7cbdb4b19fb65960d69126e3ff68

SHA1
dcdc0e609a4e9d5ff9d96918c30cb79c6602cb3d

SHA256
a6c324f2925b3b3dbd2ad989e8d09c33ecc150496321ae5a1722ab097708f326

SHA512
f0196bee7ad8005a36eea86e31429d2c78e96d57b53ff4a64b3e529a54670fa042322a3c3a21557c96b0b3134bf81f238a9e35124b2d0ce80c61ed548a9791e7

Download Submit
C:\LDPlayer\LDPlayer9\ldmutiplayer\cximagecrt.dll
Filesize
1.5MB

MD5
66df6f7b7a98ff750aade522c22d239a

SHA1
f69464fe18ed03de597bb46482ae899f43c94617

SHA256
91e3035a01437b54adda33d424060c57320504e7e6a0c85db2654815ba29c71f

SHA512
48d4513e09edd7f270614258b2750d5e98f0dbce671ba41a524994e96ed3df657fce67545153ca32d2bf7efcb35371cae12c4264df9053e4eb5e6b28014ed20e

Download Submit
C:\LDPlayer\LDPlayer9\ldmutiplayer\libcrypto-1_1.dll
Filesize
2.0MB

MD5
01c4246df55a5fff93d086bb56110d2b

SHA1
e2939375c4dd7b478913328b88eaa3c91913cfdc

SHA256
c9501469ad2a2745509ab2d0db8b846f2bfb4ec019b98589d311a4bd7ac89889

SHA512
39524d5b8fc7c9d0602bc6733776237522dcca5f51cc6ceebd5a5d2c4cbda904042cee2f611a9c9477cc7e08e8eadd8915bf41c7c78e097b5e50786143e98196

Download Submit
C:\LDPlayer\LDPlayer9\ldmutiplayer\libcurl.dll
Filesize
442KB

MD5
2d40f6c6a4f88c8c2685ee25b53ec00d

SHA1
faf96bac1e7665aa07029d8f94e1ac84014a863b

SHA256
1d7037da4222de3d7ca0af6a54b2942d58589c264333ef814cb131d703b5c334

SHA512
4e6d0dc0dc3fb7e57c6d7843074ee7c89c777e9005893e089939eb765d9b6fb12f0e774dc1814f6a34e75d1775e19e62782465731fd5605182e7984d798ba779

Download Submit
C:\LDPlayer\LDPlayer9\ldmutiplayer\libeay32.dll
Filesize
1.2MB

MD5
ba46e6e1c5861617b4d97de00149b905

SHA1
4affc8aab49c7dc3ceeca81391c4f737d7672b32

SHA256
2eac0a690be435dd72b7a269ee761340099bf444edb4f447fa0030023cbf8e1e

SHA512
bf892b86477d63287f42385c0a944eee6354c7ae557b039516bf8932c7140ca8811b7ae7ac111805773495cf6854586e8a0e75e14dbb24eba56e4683029767b6

Download Submit
C:\LDPlayer\LDPlayer9\ldmutiplayer\libssh2.dll
Filesize
192KB

MD5
52c43baddd43be63fbfb398722f3b01d

SHA1
be1b1064fdda4dde4b72ef523b8e02c050ccd820

SHA256
8c91023203f3d360c0629ffd20c950061566fb6c780c83eaa52fb26abb6be86f

SHA512
04cc3d8e31bd7444068468dd32ffcc9092881ca4aaea7c92292e5f1b541f877bdec964774562cb7a531c3386220d88b005660a2b5a82957e28350a381bea1b28

Download Submit
C:\LDPlayer\LDPlayer9\ldmutiplayer\libssl-1_1.dll
Filesize
511KB

MD5
e8fd6da54f056363b284608c3f6a832e

SHA1
32e88b82fd398568517ab03b33e9765b59c4946d

SHA256
b681fd3c3b3f2d59f6a14be31e761d5929e104be06aa77c883ada9675ca6e9fd

SHA512
4f997deebf308de29a044e4ff2e8540235a41ea319268aa202e41a2be738b8d50f990ecc68f4a737a374f6d5f39ce8855edf0e2bb30ce274f75388e3ddd8c10b

Download Submit
C:\LDPlayer\LDPlayer9\ldmutiplayer\msvcp110.dll
Filesize
522KB

MD5
3e29914113ec4b968ba5eb1f6d194a0a

SHA1
557b67e372e85eb39989cb53cffd3ef1adabb9fe

SHA256
c8d5572ca8d7624871188f0acabc3ae60d4c5a4f6782d952b9038de3bc28b39a

SHA512
75078c9eaa5a7ae39408e5db1ce7dbce5a3180d1c644bcb5e481b0810b07cb7d001d68d1b4f462cd5355e98951716f041ef570fcc866d289a68ea19b3f500c43

Download Submit
C:\LDPlayer\LDPlayer9\ldmutiplayer\msvcr110.dll
Filesize
854KB

MD5
4ba25d2cbe1587a841dcfb8c8c4a6ea6

SHA1
52693d4b5e0b55a929099b680348c3932f2c3c62

SHA256
b30160e759115e24425b9bcdf606ef6ebce4657487525ede7f1ac40b90ff7e49

SHA512
82e86ec67a5c6cddf2230872f66560f4b0c3e4c1bb672507bbb8446a8d6f62512cbd0475fe23b619db3a67bb870f4f742761cf1f87d50db7f14076f54006f6c6

Download Submit
C:\LDPlayer\LDPlayer9\ldmutiplayer\ssleay32.dll
Filesize
283KB

MD5
0054560df6c69d2067689433172088ef

SHA1
a30042b77ebd7c704be0e986349030bcdb82857d

SHA256
72553b45a5a7d2b4be026d59ceb3efb389c686636c6da926ffb0ca653494e750

SHA512
418190401b83de32a8ce752f399b00c091afad5e3b21357a53c134cce3b4199e660572ee71e18b5c2f364d3b2509b5365d7b569d6d9da5c79ae78c572c1d0ba0

Download Submit
C:\LDPlayer\LDPlayer9\msvcr120.dll
Filesize
947KB

MD5
50097ec217ce0ebb9b4caa09cd2cd73a

SHA1
8cd3018c4170072464fbcd7cba563df1fc2b884c

SHA256
2a2ff2c61977079205c503e0bcfb96bf7aa4d5c9a0d1b1b62d3a49a9aa988112

SHA512
ac2d02e9bfc2be4c3cb1c2fff41a2dafcb7ce1123998bbf3eb5b4dc6410c308f506451de9564f7f28eb684d8119fb6afe459ab87237df7956f4256892bbab058

Download Submit
C:\LDPlayer\LDPlayer9\vms\config\leidian0.config
Filesize
955B

MD5
f6fa4a9d372cb5db7d77752d0440cf36

SHA1
8ede7d6864e688c0f515ddbc1e68e32bba89809a

SHA256
e3363fdb5aebe8bdbc5bd91731079ba4ad3fd3b1aaa3f2e3ccb310306bc14058

SHA512
bf2939daac704297c9032e305c2ae9ebaae9ed92abb9d917aa12565b47830e525e9ba76dd4649bc1d41f844814cac5dcde9145664b0064be5f9045513540dd92

Download Submit
C:\LDPlayer\LDPlayer9\vms\config\leidian0.config
Filesize
641B

MD5
c7ca8a1c78f492c36e3a11e673239f7e

SHA1
ab49ce0c0e1a19bc08304e8155f20b25c69cf354

SHA256
6159def0f7e98a81d2476fcb01773cff023a0a6f6f51149b7f779e01161ba8f6

SHA512
c3c4bf71bdf85200332f48d95f6354fe2a5791e59c5578ea9c6ecacfbef8510b17119e7c976947095fbd57e4762acca8b01b8db8a1a79700073a6a24fa161139

Download Submit
C:\LDPlayer\LDPlayer9\vms\config\leidians.config
Filesize
411B

MD5
01182ae923802a106ced0a41f0ae58d5

SHA1
07e2ab57dff3692180cddf6d64de531f68f2ebb3

SHA256
dcef210493fb66268726f56ac99a4ac69fd448d5c6bd12c833c51535143543a3

SHA512
c6361ed82b676080fa5c3c0571a2b4775e343e3659fe846a7fa1ed60ee7960568f03992e3bc43f185277c88e1b181b8ed55a9c78445583a62cdce0f055470974

Download Submit
C:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk
Filesize
35.1MB

MD5
447096904cbac326ee83c7794ea06912

SHA1
b9ecc4bccc5c1009b85dc9ce513020c5559c1663

SHA256
4ac1b2acf2bf06d666218351f542630bd97624ee31b56d502752b419e2550588

SHA512
5687cfe193f843f0e12f00a360649f327f87feb57824cdb10e408a7fe6c179ed0f0de6bd85990fc193499f32f53fbbaec1445689878b9258b88062f8013459b3

Download Submit
C:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk
Filesize
35.1MB

MD5
4d592fd525e977bf3d832cdb1482faa0

SHA1
131c31bcff32d11b6eda41c9f1e2e26cc5fbc0ef

SHA256
f90ace0994c8cae3a6a95e8c68ca460e68f1662a78a77a2b38eba13cc8e487b6

SHA512
afa31b31e1d137a559190528998085c52602d79a618d930e8c425001fdfbd2437f732beda3d53f2d0e1fc770187184c3fb407828ac39f00967bf4ae015c6ba77

Download Submit
C:\LDPlayer\ldmutiplayer\pathconfig.ini
Filesize
54B

MD5
78c0d9004aa344baaa47551c130abc59

SHA1
34d45151ca26a8f1dca6b39757dab5338a2b0991

SHA256
673dd49dd896049f7213620a0fa5618283957360345122af8ca3f83eb815e37a

SHA512
48d9094f6442466cdfa9dfe4b7e5c7225af99a268903d005ed20a4f825a2c02cce86be896b964f0a5411d32c460d705beb1a0d82dd66f6991e37ddfc2eda20ab

Download Submit
C:\Program Files\MuMuVMMVbox\.backup\Hypervisor\.backup_info
Filesize
9KB

MD5
0c0e3468843b95f706a24af52198ea50

SHA1
d82205e83d0c7ea92125a090829610e27e816d08

SHA256
8ce1559d507bed32aac83b8c02fb7190a98d475792b49d264d106dae72bdc4b3

SHA512
23e02799af3cf2cba06bf3d8ce74640aa27f129631f97816b26b62e1158321fdeee52760240534a3af06938e78ec34627afc7aedfb92f54d825359e0081a543c

Download Submit
C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMNetAdp.sys
Filesize
193KB

MD5
e38eaf43e944f9c03104283f105f5363

SHA1
166df8ae9d5e2d3039a5b9a96725c98e43c268c4

SHA256
e7c6793ec48fd075d74eed04933cd256720e4bc4609baa12eb201ef6c89b8108

SHA512
39170fa2c6649106202a45f4dba9800efe0c9e93035df7a59ded989f746cd2d1de971069ef6aae60d34dfbcc7c33b14756a619b430c0289c54439970cc454e7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
bbfb66ff6f5e565ac00d12dbb0f4113d

SHA1
8ee31313329123750487278afb3192d106752f17

SHA256
165401ef4e6bbd51cb89d3f9e6dc13a50132669d5b0229c7db12f2ec3f605754

SHA512
8ea206daabc7895923f3df9798bfd96f459bf859c78f3e5640fad550678b5090539f2a1b590883cd9797efee999acccac16d499772f61f5390e91bcc44d60560

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
9a91b6dd57fc9c4880d34e9e7c6b760f

SHA1
77a09da6ef4343a8b232386e000cd2d6b9fc30a3

SHA256
0170297f0103d4e415653f86dedc31b0827580042f86862206fd3f6f135b543a

SHA512
9fc3b9be931b3edebc4a6809d62d805046bdceb4c27a7db21cfbbcb0e5e253ab529c54d64e465e60904a6ab3b83156e26b97f852c9526f46f037944f806a7f0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e
Filesize
47KB

MD5
127b7a9f7009939d0ae5dd1a48386985

SHA1
f9e981f2fbc6df7e304803153fb6fe40f0dcb6ac

SHA256
9d8e3219c036313e8b27ecb7b91befc49de6a32352a5349656945a7525a89962

SHA512
b1a442d78f6adc7a67f8ee299d46817309798ff2a38a66af2ff03eaa276b3a7967fde34e801dc8488ed75b3110fd01b3a9763f792ce75e21fae190d4779c1287

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024
Filesize
32KB

MD5
d2fa74eca9d32a4d2e972aac6374e508

SHA1
44d505f520ec8840633b7ec0534a98a135f0c261

SHA256
ef08e7461ad13377993a74ae88ea9afcac9d54c3051fc9291cdc1df89ff339ef

SHA512
a6c545da622f610d174431ef09cd466834bf47c14fd9cfa6571a4207452844a161958adf6c30370facae99a446fb7d0a33ef0d6745024430c9c977043ab00f47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000037
Filesize
76KB

MD5
cc5d46a7b78993931c3e0ab884508407

SHA1
1c0fa6c50625847a2f372a4f48d9a5a06c53963e

SHA256
9d7e9b5cd16bdd32d40279bb5ef2c0ac6f8613c0e518f3fe6a29a060dc63b372

SHA512
6a1930b4f2286e649a247c561e612c0375845a24b3b8f513a92947e906f94831122666f8192d5be114345bf54fcb461d8672ac6bcd24fad3ccc965d2b4271701

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000038
Filesize
25KB

MD5
05e9679509b61424a07cc4d4efb7247f

SHA1
db4fcfac1d89c7e4f0bdbea9023034b64a9dbd81

SHA256
31798b2630a882be758010dfa51b12026c8fd81f0e4068b38fd739cac78cba0b

SHA512
1cbe7343e19b41f3f116a93d598d7b67779d29c6bc0a7b086d112dfcc76fee60811290b67b5d2561751700be483f6cd460b9b4c8325397813314ba064e4c2208

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039
Filesize
39KB

MD5
86659cb81913286b60bef702d78fcc43

SHA1
16d938544561fa7751af393fff0c0c2703194076

SHA256
0aa504c37f612dce0af4689a1f09b806fa9ea8a8eeba1ab695034855b2a80645

SHA512
b618d180829da2653529da7458d3270b6a2d2efef46b63afabae59e7fe454ad66e0f4cb5d43638dfc3ac4c864b828c0a7e13b702d87933fbd2a42e58516bf3ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003c
Filesize
16KB

MD5
cfa2ab4f9278c82c01d2320d480258fe

SHA1
ba1468b2006b74fe48be560d3e87f181e8d8ba77

SHA256
d64d90cc9fa9be071a5e067a068d8afda2819b6e9926560dd0f8c2aaabeca22e

SHA512
4016e27b20442a84ea9550501eded854f84c632eeced46b594bcd4fc388de8e6a3fbfe3c1c4dbd05f870a2379034893bfd6fd73ac39ef4a85cbf280ab8d44979

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003e
Filesize
21KB

MD5
c99a6d99b8fe6b4737b211b497848564

SHA1
fd44f4edada95fc7136904147e23ea9fd2f63f74

SHA256
9d142e74424c3c33d63812acd9e20a6c8be5bb0a7302af20141f4951c92cac6e

SHA512
811f5d9008aea96d6634477d93d736cab1f093b4f56789cd12bf6bb8a7f2e6b14ba11b8ac73ab7f85907382df0fe14a639a68f026f7602059d2e5a5514b92de8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003f
Filesize
19KB

MD5
3811a84079fd710635626275664e51a1

SHA1
f998ea367562d553bbb389332cd28d397750edce

SHA256
6d368394fca86cfe6157ed13d36a107a1597000921459413882544a9d72ade3b

SHA512
75c6746b24ea432e3f5883b6ed87076ad4c4e25c3322e58449d5e2268ce0df9497245561e480d59d916b8e84d79ac148c7cada8a3ed1714bb74aa701bb0b3295

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000044
Filesize
20KB

MD5
baa80a18dd87df5735d95654441feed0

SHA1
e600bd34f9822eacbe76dccac24d70178a839d2c

SHA256
cd12b1ca0960d19a282b891a804a3c21729d00ef26ea23b674e908465d4a691a

SHA512
ba381c34f3be056d6d44debc209d97921c2bdd8e3af66a8a899e4ba2b67d163395789e32aae31ee80c7d0d0c35685c01d1e734ebcb7645ffa54a72f0729adab2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000045
Filesize
62KB

MD5
1721006aa7e52dafddd68998f1ca9ac0

SHA1
884e3081a1227cd1ed4ec63fb0a98bec572165ba

SHA256
c16e012546b3d1ef206a1ecbbb7bf8b5dfd0c13cfeb3bdc8af8c11eaa9da8b84

SHA512
ff7bfd489dc8c5001eea8f823e5ec7abf134e8ad52ee9544a8f4c20800cb67a724ec157ca8f4c434a94262a8e07c3452b6ad994510b2b9118c78e2f53d75a493

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000047
Filesize
33KB

MD5
1aca735014a6bb648f468ee476680d5b

SHA1
6d28e3ae6e42784769199948211e3aa0806fa62c

SHA256
e563f60814c73c0f4261067bd14c15f2c7f72ed2906670ed4076ebe0d6e9244a

SHA512
808aa9af5a3164f31466af4bac25c8a8c3f19910579cf176033359500c8e26f0a96cdc68ccf8808b65937dc87c121238c1c1b0be296d4306d5d197a1e4c38e86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000048
Filesize
62KB

MD5
6b04ab52540bdc8a646d6e42255a6c4b

SHA1
4cdfc59b5b62dafa3b20d23a165716b5218aa646

SHA256
33353d2328ea91f6abf5fb5c5f3899853dcc724a993b9086cab92d880da99f4d

SHA512
4f3b417c77c65936486388b618a7c047c84fb2e2dd8a470f7fe4ffec1ad6699d02fa9c1bbd551414eef0f2e6747a9ee59ca87198b20f9f4a9a01394ae69fa730

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000049
Filesize
31KB

MD5
c03ff64e7985603de96e7f84ec7dd438

SHA1
dfc067c6cb07b81281561fdfe995aca09c18d0e9

SHA256
0db8e9f0a185bd5dd2ec4259db0a0e89363afa953069f5238a0537671de6f526

SHA512
bb0fd94c5a8944a99f792f336bb8a840f23f6f0f1cb9661b156511a9984f0bb6c96baf05b7c1cf0efb83f43a224ecea52740432e3cfc85e0799428765eefb692

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004a
Filesize
29KB

MD5
d453eca18d366c4054d2efd57717cf9d

SHA1
c7b0dfc73bb89d8f0a94e2cde0eeba2b5e07d5c4

SHA256
be8f4fac2d40747a0adaecc6f1befe81b254a2b12bf25ce01d7194b374a457fc

SHA512
a6f770c9e4058e8c17f3f72a245f76075441e07507ef05d455108e1768ca2a93f851b92335b33c1de61cf941cf135b0be4698d3d551b54132b2d5c882fd34835

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000050
Filesize
47KB

MD5
015c126a3520c9a8f6a27979d0266e96

SHA1
2acf956561d44434a6d84204670cf849d3215d5f

SHA256
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

SHA512
02a20f2788bb1c3b2c7d3142c664cdec306b6ba5366e57e33c008edb3eb78638b98dc03cdf932a9dc440ded7827956f99117e7a3a4d55acadd29b006032d9c5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000051
Filesize
18KB

MD5
2335c53afb1602527663457cc9c69410

SHA1
8f5fc5d6c267d93a855106d908eb3e29c6b77d11

SHA256
9eace0b1569f237f159f7f0a949ba8c435b994331aea1f5c7f73c88d2383da89

SHA512
fb5c29cc151f75126a610aa2b81f05f0cc74ae3a115846ae3e0ea2ce5d233b48c3807868ea9043945de64107af790931fd44938ba28e8ceb90c0d549b0834984

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006c
Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006d
Filesize
69KB

MD5
7d5e1b1b9e9321b9e89504f2c2153b10

SHA1
37847cc4c1d46d16265e0e4659e6b5611d62b935

SHA256
adbd44258f3952a53d9c99303e034d87c5c4f66c5c431910b1823bb3dd0326af

SHA512
6f3dc2c523127a58def4364a56c3daa0b2d532891d06f6432ad89b740ee87eacacfcea6fa62a6785e6b9844d404baee4ea4a73606841769ab2dfc5f0efe40989

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006e
Filesize
41KB

MD5
ddb8bf0444969fde4ffd0dd3036d9dda

SHA1
b77ba856c51a72a40f69637a9c7980cbbe859897

SHA256
3e634c7e24539826f9f228decb932e1b9c3139c6505bbf6a9d15cc206f1cc6c3

SHA512
bca01e2dbf2b8aed3a08ddd51d68029296175b7a2f2a601a3c3e522ccfbce6c397b3c9a109db07abb053cd812865d930b097888ea58a772a99d4a67821d02f5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006f
Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000070
Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000071
Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000072
Filesize
1.2MB

MD5
e9260f3d081cf9a5d5c7551fbdc3d234

SHA1
0cc5b721c02dab3301207880871fc97e004c3b88

SHA256
81b05795af8af16e41a86d022730747b7b59a8e96951ec3053f34f91d66cae4e

SHA512
d4445200865a3636e814fcddd9ea21dfdbed943deb68a12279d715879693921e94ca8dd8570853bbed657f47cc8d034f931f500b3591a2001185d9be45bd109a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000074
Filesize
74KB

MD5
b07f576446fc2d6b9923828d656cadff

SHA1
35b2a39b66c3de60e7ec273bdf5e71a7c1f4b103

SHA256
d261915939a3b9c6e9b877d3a71a3783ed5504d3492ef3f64e0cb508fee59496

SHA512
7358cbb9ddd472a97240bd43e9cc4f659ff0f24bf7c2b39c608f8d4832da001a95e21764160c8c66efd107c55ff1666a48ecc1ad4a0d72f995c0301325e1b1df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000075
Filesize
32KB

MD5
2448f641fbbbdd88f0606efa966b052e

SHA1
25825aef444654fdc036bb425f79fd1c6fc6916e

SHA256
03f060bf37ba360360d6a7413d98e485e7d8e6f69e6a1de300c788d439b78d02

SHA512
d56e3b19d3f4c6d6663117000b99071cc453b6fd93f708bb8cb92d5adfa0eaab749d8d6cef4f19fbba548d31edaecfd0a74ca55dbca7d5f5f1fe66879b27b9d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00009b
Filesize
145KB

MD5
5af551639f7fc501b08aca2b94ac5981

SHA1
ff7ef4d9b6f21aeb45ed1f837b47359dadc3e298

SHA256
99ec71fcd27ea88a10963e2105977cfec80f08fb0d35d64e57f8b7ffca3fca94

SHA512
5d28349cd7deb814a00a9d2b8cd9eb20272ddac76b672e70b8315a6da299480a894a29de2bb4678a5e1632e2828461a528d3c285bfb5e433c8d5b34fa2b957c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00009c
Filesize
16KB

MD5
89a574ff00e6b0ec61d995d059ce6e65

SHA1
aea09e96808ab77165ffa712eaa58b8f056d0bb6

SHA256
e5c29c139842fd487473d0824f2c01b374680fb35d22fa929686d17896602a44

SHA512
30d0d40bd680e61968273155b740901cdfa66670fc2af6f23e44c6b998b67cc1fcd0b51bd5f9470f209f188e75d071355e592b2a7c97f4bfd15d07d455e0909d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b5
Filesize
22KB

MD5
723ec7872cee1b86c399506af3706e87

SHA1
dba0b0a64ea4278d40ceaedb2cec7c5dc4ef5e93

SHA256
06412d94466b695ac383f54ba86caf66263e86a5d2616f6106afc4c73109e732

SHA512
c4cea61a3264053a03dd9be91e9503e920d5076bfedce400dc98df1f92cf8c1c31b0e9a1cb319a6ca49e153a0957d11f244074b503a380b082ed2f53eaf5e23a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b6
Filesize
146KB

MD5
bea9e5cb9266fe9bd2184759ed5e091b

SHA1
7fb53241d0a560ca152fc996a2424b3b8f23a8ea

SHA256
16a02ce6785a237da62d4a44bcae2bb2e683638f3d1815e6a457d84c37ad130c

SHA512
3fb1ba4b586f1a6f81c688ec11cc17d803c436dec3afaad67f244614f56e1ac1d2523be26707d1ef51b432a385df8b81381ea55fddbc7543c010066f50bcaf4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ba
Filesize
1024KB

MD5
9f81b5630d54a37a155b44f8635dea4c

SHA1
7121fb430a878e035fc116c916c78b6efb990078

SHA256
fbf06b06a09c173ce6ed8ba6822007c5d1cb5235f44655f536eaeeb1d009ed96

SHA512
60ac0d74c0d6b2456b45d69bdbd69c65062d866934f768454c2ad7add8cbde5cc668fe1f453130b19dd52b61a85d2c90a30425c07c7f1f2dc02f746b979c22ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000bb
Filesize
661KB

MD5
362f95cd972b5261e787fc733ad3155e

SHA1
d587ab3211403fb48126e0a0db4c7354e93f084b

SHA256
6beeed5fee4dd992c980e36f19c08da0ff172f59111b15b96315c4863cc94008

SHA512
2bc7ac71bf6bd553fdd040f163dc377f7d999bd76fe506468cf76769655d3469666803219326881063cae87da70b56b86239033a8742a8bd0c7be5f5056fbb3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000be
Filesize
92KB

MD5
85dabaffa7f5243ba2c175de22cf28b9

SHA1
b29bc7687e3f025dfa16161aa16986e371d63f4b

SHA256
9e18fc6cf0b7318d886b6cbac4969a6c2d4624cd1cb2cfc86cd3f1afd3608979

SHA512
d822f2f4070a03a4cda6dd7e7451c834b9efd95d5de57d82677f15cd84bac00062acc3f34f74c2faefb1c97caf9cf5c8c4699bc6f390c9f61066fc89c49cd4a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000bf
Filesize
67KB

MD5
b1d770a8e88c75e59b3dfbc8e1fca655

SHA1
88f08926c04f332a532060597260dc6b07aaf229

SHA256
4d7d8d5ca9ebb9ddef52f93d0807fc2380c12d49726c9c443ad54e694b7e3840

SHA512
9565dffb165b0fc987e5733df40165dac43f855077fa44bcabc57063b5309655039bc4114cd3e69b505694c472d9e41b7bc1cd94301ff2cac1bef4cd6a0cb2df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000c0
Filesize
62KB

MD5
d4a74f0c172db003dc6ef1a7444d1b6c

SHA1
902bd041f1ed1e3a6314723aa0cc1dfb085ad1ae

SHA256
714e424cfcfe695f5a9c8c80c3d29895852a006376e06a37130f55e143db0904

SHA512
3dffa50fb126121f0fd4974fe4aa2fb9689003ff6a6f3de94633ca9590c0ccd5b22e6e4ec0c2ca9baab9342182a655212095365c2a31169c066e2b1a583cec4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000c1
Filesize
28KB

MD5
03c5d55ee19d5a11a4b68a34eb635e08

SHA1
48adb35dd45d786390f2786852e80240f2534aa8

SHA256
f8d4700b244ce215624d39877047d8cec549e58efe3ead1ac1299029c8f09ae0

SHA512
8508c29b17399ed2a1ce47deb8931292e9373f5d31da3e6a7c2b44e6fde54d7ae83d0cf235289f5dfba9ba1b4cb070e80d6043962049839ef7c56a6b1d7b78cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000c2
Filesize
20KB

MD5
8279f13d562ace14ca34f167705ffce6

SHA1
068f0622cc2c7813985db7a56194a79661617f77

SHA256
4d0045e507f3cfe0ec25c2a409c8cb0a0c856a859473de69119948a6bbb2944d

SHA512
2bd2f1ee6b5a15d863c7857e5a6482680f8f88fc32b44c759e01cc28abd33c29c07b9b666ca0e3adce97467f70cf7dfa4307e4befc31e2b698efa44a2f85da91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000c8
Filesize
1024KB

MD5
c14531686e55248abd5dcd2bd5246a8d

SHA1
24aa08a0d61d1d610e69ed35cc16fdab7977c96e

SHA256
623d1c3d7d7f2b0cb4b6a6f700450d2c2bc679ae882a6550ebb29a76b080918c

SHA512
b07e08cf69ea54208fd244ff3529b98e062de5d953a3a8d044246221ae2375e22be5e17057e5b211e4885d38d964f36c9c6575e53588f551f4cf13539dab20de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000d3
Filesize
928KB

MD5
2b803ccaee3ea27d0fe942f0f2e54e55

SHA1
cf65e21c57704feafbc8a85755f7c24a9a3b720e

SHA256
f139c45f4f3d35edc8273f08c283a2c184140c2f62ff4dec4ca91a2039b7d77d

SHA512
d1f3d16a2162b6b32aa9f16ce124c86e0f42416d90b3560425bc136848763a314415e439502ef6f0f77d740c89790f2f6ec94b2ce77dbecde69dc49032170cab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000dd
Filesize
17KB

MD5
c7abbc9e65446bde7792aa1c1b573528

SHA1
c4de48491225b7670dce31fbea742aebf6b7a53f

SHA256
3296a975e45bbaa05d91aacf13090655559a31687d0c1cf7edb6706dfc1df072

SHA512
6b7f7b01e2bb792d55f94099ecbbf81f7e36bebebc02418f0bf85b90cddf2665acd1ace96ca488e4f51da4552ff823eeb7852be1fa095244dbf9d3a4ea6646d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000e9
Filesize
17KB

MD5
6af34d0737ad0ca608111771cf74cc79

SHA1
15d0417baa08a741c6aee19fdfbf4813635f98f8

SHA256
47b0e7129add982c0e394f0dfa8d9621e6c9e4126859b26e1ad25c18def0d812

SHA512
74b738d66a9da306308153c683bfe1fc784bdf34166492eb4e76ea015c32bdf1f01c5f97a6c7eee5459c13b04e8dc63f7ffd20579e6808fed467e0896abe4baa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000eb
Filesize
18KB

MD5
a3aa58d7278e34dcd532ca9915b42e6a

SHA1
f07fe794b46f67ab235eb5af23c8c371d1dbbe84

SHA256
9f2e758841ce1ad6bd3e641da67098c35d3060e4d32cd74dfccaba4c9803309f

SHA512
2f5bf2f2f05ff4f8e1822bbb9896b07de8d84b57de6bcca6340b3f0a6d44fc652ab8a8f4654826d39aa5100a795a9e9bb69b4255c14eec534056c4afc255f8f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000f1
Filesize
31KB

MD5
a34c46370087197a32e70590c04083f8

SHA1
78be0534355c6c5fb72bc55e050a120269f3283c

SHA256
8089d71ebe2f84a755bf3526f3d43aa067c8094d6c2203b92bf03f93e3e636b9

SHA512
df8ea60fee8395b3e071f8279b2d82586697e0c0140cf335ba6449ac97d9ff8f1447cc7154240bd653b2add1ccc3ca851b6f539ce2c082dfbba9026155aad4a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000f3
Filesize
51KB

MD5
236c7057d3144974c4c94a0fa162237a

SHA1
3816a27776f5884b7fc4dbe7d9e60c479f2dedc8

SHA256
29894bbcebbb853611b38c9a613ff475c32bfae94d13b7384df4a679e492a067

SHA512
afc511c328225607316eb0dd154a9506efe1e37e4fc605fe0a9971ef46fd59112a3d8e39ad129751b2af8d181f2427d6d317522e295ce34adfd44ef7dd165aed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000f8
Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000123
Filesize
20KB

MD5
1435f3cfd01bf0f3c24b8983e6780db0

SHA1
439ab7ffa6f9d5b654710691d8736eedf2b6e892

SHA256
8cd3f9f312e86bade2e77eb25c28eba805707909441d49e29288944677ce6d47

SHA512
dded0517b2c8f6c6ea045ba87f3ae870df63843291c3e2219e7bdeb4e33baf360b5fdb6065f0566fd1c79253105574ee4ca8cb13a11f7e6a51bf20eacf03155b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000151
Filesize
27KB

MD5
4efb9aa5385421fc5899f9e7abf7e8cb

SHA1
2572cbd83a21ce01f315c126505f20f5e52da704

SHA256
1f9c006e426f89d13e2ad5550f1eb29e85fa4595b31086be29cd9adb3cbdc960

SHA512
e4ac6b0b72ffaab0dac276a764e6bfd7c78cb07024adfedaf0542a88515ca57bbcaa6c679dcf0f221f2da4840f25aedc08cb0a68146e181cf776b959b5463d07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0001dd
Filesize
17KB

MD5
79ed46cdb4ff574b0ae8245e949b5ff7

SHA1
8743c1eedfb4714f41c4ba923d487101f6705494

SHA256
4f9ea05e7fd8bf0e87b6d70efb89451d9d28c7de06fae63a831530d750a6d1a6

SHA512
be37314d3d37c075b128b264e4906dd53cff4fce5b23f5dc9eb609a62a995d382ff5978e4a8ff2567803795d10eb4a282d22fc32287dcfda4f6afb577a32f7be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0001f7
Filesize
145KB

MD5
27e0b0d117c9b50b2dd782e77926c41a

SHA1
f6b69d3570bca5026ce8fd3670224d4f10a5d833

SHA256
f7fa3985fcc91607f1afd125a17333779a8c3e2fbae3a243b1238bba4c63548d

SHA512
632371a460db88e640f90e543bc83b3163ca3d23c474b5ebd6ede20949869886727129538d213a33549d70cafec5ff64256c743f7f87bb140ccc19da03eec002

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000201
Filesize
27KB

MD5
7820201f0db0c706a0ea5bb7ce018ef2

SHA1
6d116650afbb3b25bfd6226c7d5ee00dd1fe4515

SHA256
04f262a5cce0399379de17e5635f1e1acaf4371afe981edaaf792625a682c44a

SHA512
bfecb88d8852c413525e1e1bdb3eb69c97a10e4ff67ae3ca5eb97fff5a2ee369a1b80a0d314440a375d0f9e950e0e970a6de6afed09062d8523ca28ac878946f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000205
Filesize
250KB

MD5
3984be43550437b25530c8f53ee87027

SHA1
f41ac73065a906de660b71810ef57f28cb2e55c0

SHA256
7cb584c59b91a08cd03f371f994e53b9037f8cf19916b8ed535d7fad360a3a53

SHA512
ac3edd0f169dab2badf3d6c082c4c7db1e7412780d0147fd528419fce59e8b0e4f27b6e89fcd172ad200982e65821656318fffe010dbf1609d8947fc594208b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000208
Filesize
65KB

MD5
8a42ba5472aa4afa3d3ac12f31d47408

SHA1
2add574424ac47c1e83b0b7fae5d040c46ac38a7

SHA256
759bfec59bce5ddea7751b7f93408074a8c27cb2c387b08b6b9f4aa111266ec4

SHA512
3e1081a6e1c29f6dae28ab997c551a6d107d4f4b7e0981a19ba81a30a4e420dee1791321dca8f4b500c9e7e4a41c5e5c75013a72e5a5cde3f7e6c50393eb10b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00021e
Filesize
19KB

MD5
f1835bee43eb0d3d612f66e06ff4bda5

SHA1
d3cfde687ff861ffe9e5eab708dafea3374eaf3b

SHA256
150991463676ba1d0dfc77e7dc1cf9820264e52aeb620558aff0cdf9ff1e1914

SHA512
499051a8b1e65ff71e27547b4ede86b8b7d96c2b43843aa44f899d32b578d4e6d5e6838201cd39218eb1720af29b5f641dde386ab81cfd948c6e28f1ff9bb885

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00021f
Filesize
97KB

MD5
f03b625b41e6669d63dd48c535134432

SHA1
d09c27990544a1694e0541ecccd0d7095d8af953

SHA256
827f422d8f2a5181e9f316c0b7e076a45d72367c47d8b765d4e811fc75e4fa40

SHA512
d34528736eb3767d8b0a9fcc533cbaf5d87cbd0726a2e251934dd3253070848df9e3e2e1b1b54a6b1e967383b8d289bcf31cf1a9ed0b11a7f7a335dcb1592f25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000222
Filesize
809KB

MD5
4e0fd939c1a363d23ccae3d7929df599

SHA1
599ce43eebeb61aa36c08116ba84fcc81ea499aa

SHA256
33f2573ae756a04677c62a4a3953160c169226145256d90b0443f0074fe2522d

SHA512
7e269353327b150346b4601a92ff91f6ebfce2004b62f03ed55f977b9ce9a520ede65940eadb85b007e0a6778c7af48d4cf38c028c168e8962cb56388ceeb2f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000227
Filesize
19KB

MD5
95b53c7e4be3f75942b7227ecfbd030f

SHA1
f7d6c391dcf21bddcc8a65652941b9d7843333e0

SHA256
7bfb67f65e123f4bf45de5a822e4832ded715a7af7a8c1ecb9b31261f7ccb7dd

SHA512
fb2e91a5ded0c3f16716853fc25ad3672d46f6b969c44676b230070e03d8d57b65fb05af3daa1106c5ea8d1d74237a3f26b75d41b9d2fc34c97337c42c47b989

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000231
Filesize
690KB

MD5
a9de09929b10829f8a98cb75dc1634d6

SHA1
deac3e6c0ec728c5fd8e4653b17356c19e09422e

SHA256
827709abe3ef941b25619cff3f56d66827315c4d3c7e70b38f13e46cf50b88e2

SHA512
9011170a439a61c58bc5539b49867f487add04769ab909cddb677c179fd66440501dd78f6fedfaf0ff0b94856d66487b08d3651268851695eb74379564233235

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000296
Filesize
18KB

MD5
b2f23a1a4fc26eed200d7309d795f134

SHA1
6c0c8685d8a10a8eed6e0d7b8edd5e2f800f49ee

SHA256
f2f065dd1d75967ead1d55ce7933cf7c7b1a4bcf207322dbbff75659ed3f3392

SHA512
117a55c007a5f771600dbd9cc6376cd26bf2f95ecafb34adbee774dae5820171d7b388b9f873432788b03f0a1c0a30ec24a3590d0cf10f1a284de92b774666d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0002a7
Filesize
76KB

MD5
ee50ce47bf4e0f9c811a1cb29f9609bb

SHA1
2348b5f9dfd021832ae376bab06c17ce362cd5c0

SHA256
969231c064e0e8e0a0953d6ca3cc97cd9636a22e5e283ef3192ee0f82a3d65c7

SHA512
6b3dd0599805972bd597d7176a19c004ee6bd1c860a5da7260b13531040028c224d979c62340b4ebf0577b9c49e228c505f0cac7e835ccf27082784772421223

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0002ab
Filesize
25KB

MD5
1b7ac631e480d5308443e58ad1392c3d

SHA1
95f148383063ad9a5dff765373a78ce219d94cd7

SHA256
7fb66071ac6c7cfff583072c47bc255706222c2a4672c75400893f4993c31738

SHA512
15134314dfd36247db86f9b3d4dcb637e162f8fd87c0ce73492ffdb73a87492fc80330655617f165dd969812ed2ebcc42503f632d757bb89ba9116137882119d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0002ba
Filesize
16KB

MD5
9c6b5ce6b3452e98573e6409c34dd73c

SHA1
de607fadef62e36945a409a838eb8fc36d819b42

SHA256
cd729039a1b314b25ea94b5c45c8d575d3387f7df83f98c233614bf09484a1fc

SHA512
4cfd6cc6e7af1e1c300a363a9be2c973d1797d2cd9b9009d9e1389b418dde76f5f976a6b4c2bf7ad075d784b5459f46420677370d72a0aaacd0bd477b251b8d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0557cb3b754e8a40_0
Filesize
53KB

MD5
7c2100b088b59a8a45518cee8f4d67fa

SHA1
d85cbe698734a6d987ffad8a2d724b20c4c1f953

SHA256
a9277fc181039d74cd759e3dff49401431df46d2f73510355081b4092ec0460f

SHA512
c24ddd507149440157cf9d7c4722201e53064ff0c698a64b109bf165c4675a4a005336694f571f4960f728d339ff0fb064b03084abbe64e77b92525cbd42977a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\08dcc4d3aa29480e_0
Filesize
264B

MD5
3fb8b2f9ec90867816b0ae8e38971dc6

SHA1
473244f27d20d447489e62d8c942d5ec5987a6b0

SHA256
ddc4cf40bac8eea2a8b024810dcd94541ed91d0cfbcf6b2fc7302ea08c85f316

SHA512
3c2db85e957ce5f072940551bd35b6a8860981f693d82e86aedf9f94ea2e5ff7e297fa80d1f717e48c84b62afc7800723afdc1ba25963f35a1aa06fa426eab1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1927a26afb9a8b4a_0
Filesize
1KB

MD5
5818cf663030195ad1986b2762efeb73

SHA1
03a0947bb801340bc2b8e7c49eb026c7a918a754

SHA256
27fb3ca14109151c84028bf566bf52a833defef6af42968ab3fcaecaf0aa5424

SHA512
7b6b6c814b6aee01ac53aa30171ef2a9d87645b28db73fb3c0308b53915f640444ac5308b2a7937692c2bdb12c3bbe9190ed519f5dadd01b3a8c578755e5218a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\20a5b9c8849b94a1_0
Filesize
274B

MD5
49207288d528ee536d54654c00d11a5b

SHA1
b41515584774e5c54e5995b1d8411229a137a0cc

SHA256
cc2fe213cf11d2dbfc7cd2ca00a0da67c92d4418a9509a0f604442e87f36c6b1

SHA512
a3e2fc4251f9bdf8dc4e337e11a8d94b020b1a4c9f63585341a424d8d3f6239cff9270e13cd636b24a802d8c185eb18311b716fdde29cab036ba8efb23aa41cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\242869f082d2e05e_0
Filesize
267B

MD5
25feaf7141780b8f6b5364385bac3759

SHA1
4f37c72e7f4f7a4ceaabfb688e691d249a2bedac

SHA256
5c77c38651db74b19c45c46b066127ab33d7354b6e03bc9bdddb969e8f566060

SHA512
976a286b6541c9a3de53f02ce4f7b9a8102f5601f4cda2b7f09a32fccc56a6b8a566e3a4d199df5def1a20d8259f69d1b16e5e15295144d68bc2856cc15ee6e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\38ccb843c036dc27_0
Filesize
188KB

MD5
0f595da5de788e1c63df051237a45eac

SHA1
1d195c887630d7d8e3184678e487f26972914c2b

SHA256
444a83e8cfc2a95092ac47a44c82d5520c3502842669b0d3a4ca62bbb086a4e7

SHA512
e02a81ca5456c9ac67aaae2cd7c262f8880b70bf871d27aae73acf83543a52a7c9ce419cd057bb446bd3fdc3a3109e7e55061793c9afb303057c37a97f463c3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\52f107305f496e96_0
Filesize
33KB

MD5
9e4be31ce072d83ffd03f482e1da18b6

SHA1
b08a09178abb9ff38c2b43d6a2fe7834765ddd2d

SHA256
9aa14a9cf9d9ab275944614479bd72fed4b825e65f7e23944e306a49482d5d2b

SHA512
3c2e814fea1ff48f81b786ed218c111128d1f1d9d605b3dd7b24edbfd631548ecd4dadf720cec366db4301bd161a00376be811f898741458619667cc271323dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\603d2267d522446c_0
Filesize
3KB

MD5
be34c5de0d73ff3147cf984e7fcdafa3

SHA1
99c0d8c568a86a76219ad7a27e4ee43c4006884f

SHA256
440c7e57dc392563e309f7f082b4471a60812c47965f97a181119a95e844baa3

SHA512
fd08bb005084e1878603f6cbca782a5f6231fb4979f60b01a57a31547ed3f35d3b31101e6088352d4143ee82cc8bb7d9d06eb38ceee8df1952964a36d46ac26c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\632e260441be7404_0
Filesize
4KB

MD5
b11775f10b28646371f26206cdba6d3c

SHA1
3a8975abe247d2c53b86358a3688b0924059fe15

SHA256
b3b10c13086584c8ffbcff555ec7d5966a02109b85a18b35a47e7eb4753ee9b5

SHA512
53612b2360672c12825c1ddb8632627f57068da25c6215a3ef7802c6e4ef97d5c35112e8459c82136183c75c96a64de49da709aded845295a95753800a2048a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6ed947f4fa500519_0
Filesize
33KB

MD5
0dc74b37bfa5b22330ff7ec6e2216fe3

SHA1
648187d59826518e7cc44f4e52efbd30191b9d24

SHA256
aa74d8e99ecdb8d3965d1c0b97745c02450538bdc3237f732aa551f4bfd48a5c

SHA512
6ffe564c7cdffa8080a2f07a8eb6fce7caf2d8125eae37090af5ea7d35105d97760eab48064ee13cc89b9b96890aaca497742bca6646a2ac2f2fab49838bd738

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7d0362d230fc63c9_0
Filesize
14KB

MD5
c723f886c900fe3e053d9baf46eaeb94

SHA1
e12c3312c2271a756ce7d5631a2d7b57fd63c698

SHA256
4bb5f36ac7d87e1178905033b4d9e4ebe12520098c5c56480dc2510bff3f8d40

SHA512
7e42893bd49c304b8e01447a078e1823882206de71d0b03d2afaaeac1713b43b675e0f49f52589cbe0f48a714bc60e4ae6f208f0fa36da2cc8ef938bb7080e5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8fc6e2dfa9eed74e_0
Filesize
651KB

MD5
a13c10afcce5b21ad9ddecaa40da6227

SHA1
c7ce49735ce10658b8127ff1eb6bddc82ee0834a

SHA256
b60ab1f7f048c7c036cc59fa777ea6f533bc8a6e6bb22c2eb5d0e6c332f9524f

SHA512
b968a10fb78538f2da041da8dd98f51c020a323570f87f015514d5c5b486f303cc8a56ae6721c15316fa07cb13ee297c11551e02e0d9fa9409f68a07cfa4dc2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\915f109fef38c60a_0
Filesize
55KB

MD5
74fe24cf64d47c0629e112cdf92cf28c

SHA1
d4fa13c59b64591d37c81e228b8601d58d4200e3

SHA256
51cdc270268be9dd2ca1f97117e2ceb2612723c843159134f36af68c8d494ed9

SHA512
a73a0216937785dc8b3025bf806d502994fd80d65a4c9ec31c6e8ae50d50f3a1ce41839eae68ffd54cdbfb897aa824efd747e32d9e943d0fa6e7bac97950b033

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a6537dab24e365f9_0
Filesize
2KB

MD5
7610f0fd061a30e93033553f2c50291c

SHA1
12dda26ede182024c596051451002969ba66048e

SHA256
34da4a686402cd2b8a864abff16a0b270a75767145d572874f8577a3a813a6d3

SHA512
38459af00e40bedc2d40854b8e8f603e08f60b90d67070c6879390b02ae17b56737a0b48448045d55c4fd96f10d11a811da2fcf5d44ad650b88d5cca180f2208

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a6fa6d19061560da_0
Filesize
10KB

MD5
1bc5e4ff25d12180fcf363fe5258cafe

SHA1
32e29c6cc4f2201c767626baa93b8daec16869c4

SHA256
7cc55517a62fcf22937ae656368b6e047629a831dd7fc01750c81961928374e2

SHA512
7bdd9223d0e5df606ad1ac65810da242e54c96e5704f2af5d0dcc932711d604302758fd146a57508090a53612947efe868f53f7728f192545dc677c977c5cc55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bc8e8137dcbd7704_0
Filesize
82KB

MD5
e537019770685c56ea254b64be29467c

SHA1
ebe1c75b071695b56e99df51a553111c68526079

SHA256
6f678a97a65cb4fbf51fc6d3cd7327f6c79c4ad0fe8effa122691e50de27fd89

SHA512
db28032936149c08a335e2f4c4543667ff64f0f9b3b708179efc3004f5297ab6a1da4a18a6e03bbdcf5ca10cf1be034222fb7a12912aa3c5f0a1a5dd4821be24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cedbcacb50cc047b_0
Filesize
266B

MD5
9bc2a651d9f737a141f086cd55bfac78

SHA1
deb1daedbe9774bf4ea14bbda7c189f0b83d2569

SHA256
b6ea86218a1d02ef8b1720da1e66e5de7b90a5f41f6ac3d6d521ea26be53b695

SHA512
8ab72724085b4f2dc75a0552eaecabd67696ec3f96710ffce7b6e549029919cff8694acd3a7f747049e800ad05942a918fece16163c50676313d1b8b2143dca8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f2e4bbad99a372cc_0
Filesize
2KB

MD5
10750e675afc996bf85742299348ed3c

SHA1
f03e8bad598a74282a758d7bab693b05e64d8751

SHA256
02ca2c3a07ce3ff6a742c5e85cd78b8adcbeb70687e619f5a3e30a6dca674c1e

SHA512
a3752cb7a64fa388532c2f4666b43764f59ed330ad114790cdc90d3324a671cabc1d56afaa50bc1c3a0188be021a9249c099beabdd4bbb51d432ad75e5247607

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
10KB

MD5
ab554af87e17fbfeaef025a9dc3815bd

SHA1
c515cb2f63168127926827d2922d27b12ba5f989

SHA256
95a41845a5f501b8f06d6b3f583bf92e182e1ea9c00bc25edee65ab28f24e84d

SHA512
dbe9acc52d4c4312818824e238b188ad9af3c432883b34d8fa533dfe7b45262c42365428b13a4a8a27580bdf915700b898085c933165813003e8289ff4e338d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
3KB

MD5
31f1742a0da888e86bd7031422d27f7d

SHA1
de3a30dae2c7345ab4bca3608b2c9e53ba750a2f

SHA256
ecfee205fd09266969e3295b9a8ad7531b89d9443ea3d76c1566cfbc78b8bbb3

SHA512
59dd1ffe1273d2353234c7ad67ecd91371c29de6729ea935746443b36462a2b0ac5b2c554f8311c36303b1460867d6171c1305950297af4b410907b0e733621e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
10KB

MD5
7c85d5fcbe590f12d545081af6c18ffc

SHA1
c3690895168a95bfee818d909268d024466504c7

SHA256
a0c3f0f9e30766d87a2311eb4f9b719b27b5436964623b7f6c91b22b34ec198a

SHA512
cd3ba8c6b034a5ae1503234ff264114d6ba4f73dd77a001ab273f5bd7aa413bff93ef395e9fef8c520b1587700cf2a3ad5f050b4e3d1c59e85ba4942aea1608a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
12KB

MD5
767b4501e6552eb015b9b122eb68ee4f

SHA1
7bc39f455645c33bb77bba5ac5a5daa854060e5b

SHA256
4d00b54dd67b167b919902c43f890844edfc73c259c37b332b734e4d743b26f7

SHA512
74d5723ea9a0a610bdc98f7bf08e954c609a021d4ad5a9c3621c5c353126814013fd6da00308b6baa57473146bde5490fbc8928586e3d9e93d41fc9d5f8629c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
4KB

MD5
f30b734b659946f63b9547c878ea6c22

SHA1
d3979ad4eb1edd9543efe2561a05d03b714c2e57

SHA256
9683a10da642339d44344eb0c89573f012c2185ffae8b90962bdf9b8741ea4c9

SHA512
5ebdbc94d098f8e6d606640873f1f8e792b4e32a45fe1845fd31f6bfc3fe8bd91f50a88bd6848aa019b3f2c59b16959abc1a15a077b2db23a2c41e3c35171a5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
4KB

MD5
1416f3f37905806615981ee6dcf6f59b

SHA1
a0b06ad5d0602364ea0c4cda7fa7f8f2d5d3be6e

SHA256
8fda38bfde851142b3a126d1664d88e29da345ef2656742924002b5abb1d207d

SHA512
bef5984b2565e6f0096636b471cd820bdc7f6d5c418d970eaa8ec5d4de034de940db9d9472c78bbe962910c28d38a00970942df24cbbd1d774c29324f467c367

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
16KB

MD5
093e15ef65593e947e3d987b73de91af

SHA1
f9f227e1d2fc83e2d998dfcef77c5613732f4b72

SHA256
1c719f4be9b06ca64bc2852da6345df6c5e496f5cbf336bb2fad4fb9ba4b1053

SHA512
fca2569b1f8586f341671ef668ca187a2e1aa420094a92911a696af9b0cb934d8ca56750b80aecd86219010881263c3eb205694746e95f604d1bdb94c651782a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
13KB

MD5
4f6cc89a586c51ab4b301caa8f3a83eb

SHA1
c923e2f2bb25140b81540c1a70a834fd1d899b4c

SHA256
eedd02637313963a754b4259186bebbf35e62bce2f02602b4a32add27c304e98

SHA512
c2d5c2db940df35c3070c44eb94c5057e4992447be506b055e747cf83ca72001d9aac6e8abab3f24b15a704b5ab37c9beadc8524746356bd8a0fb5bc048407b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
13KB

MD5
bec8d87de9bd47f9c4cf1378c9d288a2

SHA1
c60bf6783faf3aaba4276fe7253d8dac959bdf44

SHA256
6a5062eff352b9c98676eee7b4fac3668b0219c325f713d4e6d77776ffc0f1d2

SHA512
644b66bb98cf2c33ad5d4d4440e0bcced4692f7a4d39b3a21726f582e5b92354336fcaf00f58d32ec015b44bb7e68b4b8f456c42cf76706fd3e9b3524867fb2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
3KB

MD5
d168ca93dac800ed4054a1a493a30cce

SHA1
3c31dfdc6d1012bf7950376284997a912667f88c

SHA256
e737f8ab0119dadbac7c1c49cabd9ac381e011e311ef2525d1d02c5e06376649

SHA512
82d84148e452a338b9c580b828e07bd0763350234b0c2de8d95218d6c750e057ebcadde59a73ccacf0b7f684c678cff605d0dd46a4043acc764d61e0bab6bd45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
18KB

MD5
dec113d8aea8e6bc135d6de3714cff18

SHA1
4574716a06cf4ff38ef3ececfe024ae30eb3cefd

SHA256
a7cbe18e0c439878fe933c7eccc4033297fdb356cd09bc5c83f185cc2967482b

SHA512
2665ddac863913cce673f938de028c7518a2dcc2b49669998fdbab678bd38672df13eeb79afbaa28947972a88274d31f7cbfd88a81ccce16f0d816a93e26f7d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
12KB

MD5
cfe4f792590474d7b85571e8880acae4

SHA1
68c58a4a43d771354675d71410fdc44e7a357357

SHA256
9676b91a364292eaed8d0df52c4ebb76b467fa489a34a6f6371b082d892308bc

SHA512
a5403e5ff167f25f7b70817ce323504f174a94a1c196e83a70a90474649b01e99460a03485b5554655430ada49939be8fef3138213b95836ad48b748b8cc54ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
13KB

MD5
939b6a4b5b86bc576279069cee2d6482

SHA1
464cea288c3de9a6320df19cab83e8599f8a80c5

SHA256
2ac564fbc68341f61f696e06c32def51dc0cd43a5ee8d8214922036af1e3c311

SHA512
9a7a9268445216059be1314d7e890e34884e6fdc8f068b95518c9359b0275a1c91f314d2101a269149219766125002077eebe09f6d8c3d2eafc7a8f5ac2918fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
12KB

MD5
1be8c2bf6c0cc7eb3738f67a4abce7f9

SHA1
02b46176ef9670b320c79a349b7226ba732c8439

SHA256
28d5271a38cc3dcc4f565137a646a8c9ca10e04887468394e711ab4df1ce3326

SHA512
5e81f8e2e51cb1787852278d92b4e159008f7d8355f1794049291bb356085bc9fbfa1518780e048ecbada964d9de18a2c4b8b5555c0e89caa78fdae41c4c5c88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
22KB

MD5
4f138989792c6ca99757f208cb2b7633

SHA1
3e9428f0b2583e32a76cab9e4f3e261f976b34ce

SHA256
5f87108404e9f9cfd1445ddce062e451e28c3a48d64e0d13c2d7c3b4fc1e8c06

SHA512
50a764f3e3d8413bc614c1163b355bdb780d50a52944624ab821515b371de45f3628be81648db63d3b5ef4d5a2e82d6e95dc36356b6dfdaa2db88d264c736adb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
32KB

MD5
b8a9c78a9d1b2dd80321a2f869f2df81

SHA1
9303dfc99f088aa9aaaf85c25d37347b534f4782

SHA256
e3cf3249407cc004ec220c310d99db4ad7f849d22bacbc4c76bd1f2f4efafb31

SHA512
d663faa1d0da917d0cb59b26c35d554ade01b2e9f4428adf909859263b813069f96e572a7ab97306d60fd90643e59ad6a2e80c8e84e0d6641be3b303c7bce7cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
24KB

MD5
078560447ec6688b38b353c6c284d4c4

SHA1
86383ef2a58174fdee371322f84023755e2275a1

SHA256
11c4a00cbfb7d1066ecec52215d12257f94554282da098f89cc324a50fbcf99c

SHA512
9adb1e52eb5fabb4b06c035f8c7227e81b719a18730c01f898fc2e833728de1a7d27d5823b6fadbd67bf68b6da3fe2956ecbbe2d27fcee8ec18ac51436461e5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
14KB

MD5
38b92f33f01ff0440fd88dc76fc7bd7a

SHA1
b03daac36f871235f0941550c56c21bda058e181

SHA256
5a863594504d51bc4ce8a1e5388340e95eb8344c5fe975c947bb7abca3ddc89b

SHA512
2d3599c399b0fd4cc3abdfd3bcf562675b1bc93c0e31250cb4d70dacc886b26f2e0b0a522397d2f4442e07215cefdd1d99b04996ef531ba8d46f389c5e80a5be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
37KB

MD5
d8e023a89b438c370d1c82b2f62ef61f

SHA1
964ed2af289bc065cceed6e44c2b81f3c38f87ad

SHA256
b7eb7a39d38439dac612ea66407f7a02bf37f9ac3be98ce0453283520e87eecb

SHA512
3019c0162733a42ff7d0df81ceb5b85109ae34918fb6a55c1baf113d1862be5a8cf3abae124ed76aa1d08b15fc682b6adcda9b015fa78342faa63c40a4ce2a68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
3343033c5b515dc946d023f291f427da

SHA1
eed0877f91dbae50dc6c2f228b0ebaaa21c62bf5

SHA256
72c4b543140982654099f80da3bea424e623bd469380ed8148470d94036b40b1

SHA512
9c9b35ee5d5fb6592d9e71b8ba7859f7ebd16f45ec9aeedb1144bd91a4cceb3764daaf18200184320afe34176c528bbd2d718e46e6cde83c77c7d37ccf32ddee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
dd42ecc215df7a4b89bf0c51530ea1e9

SHA1
45a3b1a5641b6cb7c37ad9e7bffa451d96611acd

SHA256
d0de1aead9eabfc4d7a2631443ebb1bfb01555f6b7770038f3a8fc510b3b2f77

SHA512
a77c0696dd37a421eb78383fd9bb51bdc212b65aa04688504a54055f1a0ae742c44d4a3b805ceaf3ce0077fad9421caaf82d29a5593b2f3e528f9754e0863da5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
23KB

MD5
de151d9982ff48ad952e91e270117d1b

SHA1
f27cc35d8d6114ab789cd77a2b6db87800952d5e

SHA256
cc1e314a85026942dcb9b43d21f3475670f0d55dbde0bff53cd5609cdc76ebf7

SHA512
5ee06db9776f5f97cbdc558c821e2c613e1d93e948ff96c3edc75b9005bc3be119722cb9e00315b751cba9909003042ad66fc10e289cb927e18bc02aa21fb35c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
26KB

MD5
851b9c0c1570dabdc18a34b53426ab64

SHA1
e59a7ff3be4bb41aec59f073e8c88afdf8b5889a

SHA256
8a04204d1ee904393f5699797173e7ca173a652bb33672044003b9b449bac468

SHA512
95587e7096d932fc2ddbd6af17afe4e4c2db2ed3adae1924335497e3326519a3650eccc51bc78536ec8bf4889e32adc2d9c8262809ffc452e2e5214414380951

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
30KB

MD5
4379747159db162900717c978a419c65

SHA1
20fa9551d463bd44da7b435eb3e2a98846667921

SHA256
7cb8d6f5d47a583237e5aac8a8d26920c00c1f4dc8db7e23322f4ce86b20f3c8

SHA512
a8a0bf15a1493a1bbfcd92c64232699a42d3e7a0ec924fb21d3928c6491104c80471388d8dce67965cf463948bc18c0d10240163bf702f8fea64ee1acd06f506

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
30KB

MD5
7f6d024cc74fdf26936d06f776b04447

SHA1
1a8c8a6eb6288680eb757b3a4885c79d6fe04a8c

SHA256
182e6f5e84e152a941258ce1f028a3ee7f32862fd2a63491a06dadf1febc912b

SHA512
902d5dd19e98cac78b3ecf1a5c92280b6fb05f0fcd525c70088b7efdaf630cd5768832119d98aba501339ba14a20d99694d543d0e1474a007927cb4c1df25a4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
e67d2b54a48935a3348ec51009ba1e46

SHA1
b4a5401d1cee5fe0607a05e3d1aa76ea3dab3fe9

SHA256
9a7ca753f360c945ac2d29fcd3d8a614f85cee5049555fb212556a8026bb840b

SHA512
c6af1cd016660e7a689de075a3af6525933b9c34f73eaae28e74732ed73b560b5b2b7ca14075992d940befbc095d00c502fcc92144476179a6330418be933b07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
16KB

MD5
46da3a1f3f09ca9f3d4c2f03ac3a8fc4

SHA1
dc305750f08616ee344471ed4551c2a7f9fa240b

SHA256
6177985764cf2c270fb8d6aa591046417c23f157cf7db8428de33823d7007cc9

SHA512
1ca6ec037d3eb19e7e1ecdb747215698269d65986e37adcefd90b3d3865795d0751e10b9f7c0929a9ae4afd89f932fbd3b21b6559f78f9ef60ec5ab3b58c7cc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
21KB

MD5
98aabb57d412cdc7c2e7c7ab34c2a9ff

SHA1
bb53c9eba10337bc089ed8098a9b44b50b1665d4

SHA256
75592d374cd452eea6a0559a6b6c9300110656ffe9e3a07e2ae73f84c3880bea

SHA512
ba0fa9ae767fe0d9343fde11308106ce6e56ddee30611d5020af164b74f861a163bec62023e53b8ca965b676ba31523734b407ab77afe15b27de4537cb47903d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
23KB

MD5
01a55321474b7d89364a3b86c6bf379a

SHA1
650e5e3ffb333611056451d5062c6829867b30b3

SHA256
56e1f488f3aaa6fa996b687114da0e439d69ce572f4120aff6c537ed487e7669

SHA512
ba11356a7b2c1f10c5312b8a678da71e6a6924495e0fa7ac5b2b630e64b74854b5ab51ecaf537fc21b30b25b3ad92fcd5e50b33c79ae62f91dca035959e38611

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
30KB

MD5
493afd9e09539e02ceac5b2c635e9dbf

SHA1
75ad778e84b8af9ed784acaa4652f8f1a18c4f64

SHA256
86704db1cf731ff5d3b7c8fb9b3c8b9d02004d3f3ce9d8e9ac6f42cc7b4917ab

SHA512
0594a4fc5e470a990bf739d29c73129c8692901ab3c98e76d44cb4252351562bbf24a3657a2adab1bbf2072093b67b17022938c6de61d357dc70d7a90e1f3d5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
17KB

MD5
5742da373b690471f1215a6932fd8bcc

SHA1
e07abaf6efde26cc86d4a42a4eb75663d9943001

SHA256
5fc09e6dc1126538d03125ce4bc5aa718597c7fbb50052a95551d3efd6f72fb8

SHA512
b08ea482bce5ae574a121fba70e757ab8f3bfa7716af8ca9bbc7b84ee842d33f5f6210e1792a5986f3731e930c38c9ed6ea04b7a1cff83d01809c136b73f2770

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
28KB

MD5
681b9180c51f75662757db95432e6787

SHA1
ea27e5d47edd4d20409ce2fd0cddaf853dce137a

SHA256
9efad8bcd1a60f0d5dd10ae19bd00141035a2d5741a9ef758932db77e08dff44

SHA512
e819293a97837248166ac52c77024ebdfe8180a864ea1c58e97ef95a4c84a3e7ccc531d689d923b6f5832a3e8477183182f681aadd1fe20ac51685d647043c2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
30KB

MD5
645ff56cdccdf30627d8a921469aeb3b

SHA1
b4629b2ef311bb045045bf017e7bb24fbd31ee5c

SHA256
3946b0ea54809b38e6577e7088758054c7e9960d000b13aaaa34ea2d3d9b8d29

SHA512
3ca27f2a04f609a7e2ea3281ad0b6592e054dae812c173959e1e947c299fcbfc9d59461e564247c20ffb0d30f13c47015ebeccb1dab956a9ab36c3251acbc51d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
31KB

MD5
58728dbd11feb8613a952db4684fe8e4

SHA1
02bcc089e32911b91b6fec12a254a8ad76f16238

SHA256
f6c6a53b95e0f9940ab24ad6f87e7ed21860ff534cf363f10c7e9c42b78eadfe

SHA512
1007f22c00e9cd01f784f0673398f94d25fbf3372b1d78d1a53a56ff3f49bfc48bf7e08cdac85f6a443f17e6941f34a6665dfdf1795714d467faa7809804af10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
33KB

MD5
b03da0e81ac32f396093452fae1347f3

SHA1
af7c2bcd3d1a5d71f38c54105f4d94c8d3a6feca

SHA256
5f5a360469d78d517458011c85e782e471e46b0283f60d40d03ebb00ac0b5c4e

SHA512
55ae2d62f3d49ee20745c56b71c16b84cff4c039d9968dfb047a745ab2a19737cba938b34f1af71bfeff55ad8e48549589476b936a8a39b10e7e938f9e9c6ad1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
28KB

MD5
9fde566c3574c4da16e667e2a723a76e

SHA1
3a3bbb8a5d266a2673a5ac364b2fef004e401280

SHA256
ffd241f14fc8dff59e34f5d6e58850a3863e2ce1be8948f4e882af313147bddb

SHA512
e65666144ab75bb09979e543e3627cada0b46c9fa59d349b0e5609043fed2a29e9df8cb627181db9fc5c3ad5f87fbc5498c2689d173bfaaac0ab5e153012b82e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
28KB

MD5
b24b738246d2bec2eae0ae243e107ff7

SHA1
89eaf6c5b906661f97cd9ebcfe82cff6f9368393

SHA256
1de1649605990a8ed20f588d6af3e5dfecd00f9776304085dd0bf0983c5f3b3b

SHA512
de84c6bdb8a019861e4a91b12201ef69f4b40c5c7318b0f7ae4de5b565af782bf5db7083c84b9c939295ce629d8fa3e78d382ec360d09e44a325c50e0d471338

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
34KB

MD5
940e53fda6a7aba9c3d628da6c83f31d

SHA1
5306cf70e2f0fbd50a060b2798a122159b3c0bc4

SHA256
57460997f3c70892f2983f26a41081acf169008c7839c9eb5f5925f01e98cdd8

SHA512
d9a7ca68b2d6042890849bed044df7228de5f9ea66beb192c5df102ee261f9db70d4b6d0257dd71a452bb256995187a2dbc5b39788652e02133e2398b3e6cbe1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
26KB

MD5
2e1b42e459cd78eda5d3614345543c11

SHA1
ea46b0f332bce37c0b09d515a0dcf23badfa7d50

SHA256
af210f848e3334c87bb728057295721deecd423bed0b1700d834bd59506a0bc6

SHA512
6f748e4a55fd289a10e16659caeb3558a585b4e98e44f0b893cb9441173365eff2a23eb825265fa04c86f09578ee027d5a9917386973fd9d935ad258efce7c09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
33KB

MD5
5b415b23db785e27f215ec9c99b4e25f

SHA1
58196020532ba769773297aec9f3e6783e6cd2a9

SHA256
5b95f902dd4def998cf5612ec79528891f61414ad7df3f5413ff5e29a5fab79c

SHA512
776b441abe35e6ecfbd26eabdd3ab3dba00a2e450e8dbcc1ca9149c825123bb8f5227957b9c849e3c61b3789dd53ac085b2815f5ebc02ab5aecb5ee72ea95308

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
31KB

MD5
ecc54e8e1bbd4fb301bd2c10214887ea

SHA1
fc6d12fc1ce883d80068ca0a1943994c83da2843

SHA256
29db32774e1e8c59a676530f4615ac4a51b8a3898c6ed9305b6f3878ee1468b4

SHA512
5608b17c1d5a0c7f3def5bf96ccba82fb7cd4a98d60e3a511940ffebac6279f21c23cb3f26bee28720a4d1c8c73666f5535ca56bfc10b9956f3b51aac6b31706

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
28KB

MD5
af84b1ad273ff647f0d5593ff5f2e840

SHA1
cea7bb9a00302897d631d9297a27ad9d84ed9597

SHA256
e71c52902fba46df812f0156cd9e3736bbf73a4c5137f80c67188fe52604714b

SHA512
3abf9f735f74f43bf90553510e78a5bdc0d9a1cc6741aefc0e019240162511854887f40cb68d23252e05b92c6b004c183195939e7be98a9a7ad3d9dd7c4a779d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
17KB

MD5
e4a6e8bd5434689b2c914ee885400cdc

SHA1
4e6882e4b0ea215e8435517e68f73ad64a1c66f5

SHA256
b79231d1fa0a81028934afc709501b25b9658fd99cb5161758eb4d88080f6a87

SHA512
996455f6124a2f9882e401e32d2cb367afa33fe30264174c58a2d24cb1ce50e3a295c65fa470fbc11020c356ba13442684dfeff25ce29b9a7fed2921cef86334

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\41f4bff4c476e97f145480a3d7a3cebd15d4ac1d\d9491c30-18bc-44ad-b6fb-ecc7cc293b22\index-dir\the-real-index
Filesize
120B

MD5
32afd84ea40859680c4f5c869782ca3d

SHA1
767e0dba617352c6ab3403ac2844b198f0d24bcf

SHA256
c9097cb4e7cd5e678cbf24b91aae4f7cf46effea89a87f423828357758762a96

SHA512
3c9a1fdce7be6f6e6f2a91fc25561eaaf2cdf47ef0f04f502bb2c7d84b324aeae779261b60cfbed3315e8e09f7a1d4d317b7927b6ada13e6c16e5fb3651d559d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\41f4bff4c476e97f145480a3d7a3cebd15d4ac1d\d9491c30-18bc-44ad-b6fb-ecc7cc293b22\index-dir\the-real-index~RFe5da5b8.TMP
Filesize
48B

MD5
ff3d67d2002e765c626035b4dc26c560

SHA1
9f3cfcb454b19fdf5aa309be59b374e1e68c265c

SHA256
9841cbf9bb22893ccfd92a3671a5c12bbac7d959869d546336c226cac19a4954

SHA512
45bc9797c33e3c887c4dc9054dd9b44974f08d27419e34bb4ee272b6d89e9ffdc09f15d34cf79061bd9cc4205374166caf360cc7ea8f4b26e9158fe955721a28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\41f4bff4c476e97f145480a3d7a3cebd15d4ac1d\index.txt
Filesize
79B

MD5
88415073448d7f6d5a11cef4cbba8937

SHA1
ab35b6934865cc385652b1a12dcdbbf267a9561f

SHA256
4777de06d3c9000b5e9b42fb3591ddc42b536be3f6059a8b48125ef72d02acd7

SHA512
7cf3f7d6ec12dee699725f581197880c43bb5b03481dc75ac695df956356b774830134367c84ad28375f61ce3f97f1908db8c02709926a10cb92572b094ef44d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\41f4bff4c476e97f145480a3d7a3cebd15d4ac1d\index.txt~RFe5da5e7.TMP
Filesize
85B

MD5
ddbe935766d9e3e4e2aa0bf73490dab8

SHA1
5cd2e899816617f682f3dcf2cbc9869d23804f86

SHA256
04268e44ed8c142b808f87ab684413c3f5b5fdda5a9a91a0b76922c3744983da

SHA512
55ca7d961f4cd0b8b29842f652bbf09861013d1eca16407c4edab780cf78eca6fd3cb65ec05cc4f14f1f1715c6d7623198acf67b6c00612c18f2eb2503748c1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
3KB

MD5
84713866b82ff646c03c8477870e6e35

SHA1
6a3d830226c5a5899c87cdcab6f37922c9233492

SHA256
602bab0fc9bec7ceac5d8c5df18ac5ec7747d571532c611fd738df722bbab46d

SHA512
6fefbec8da53e1a6016061d9f6c62c235c953bb2fa7a010a9eb625236f1dfe505e04c71ef5a9120f3938475f9a634bd76ffa3917e2878b6f4eb3383308e37857

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
3KB

MD5
d469b143cbfcaa75974f6a2c55054350

SHA1
4cbd9516a4314458b468699b1486294e02db335f

SHA256
a1563e0055c48576161b822d419d493d19fe94c3d034dcea804548ed62c6900a

SHA512
4c80ddd4991520660f76c25dbbfb820c1c3d78c873775cb4c416fc8fa42c152f626d760dd0515e7ae5986b3a08f0ce8b01e732c11a9c9c756fc33ea1b1e57682

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
7KB

MD5
5dad6f58f3b85bebfafc509e576237be

SHA1
1072c2935a73190fa7e0eec9517fc6b724b1c639

SHA256
7d1b15c2d81578bef9f02864d462b74a64959be5e7d11cc3c6fa6b0a72d5072c

SHA512
eb2890ba0f30df558cce11077311e77e6ecad0fdd708aeb8fdf32e6b6a7a17f3ceb491bc2ef183d579883311220ba2b7d4d734b71c2b48df3aae7245c4465c7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
10KB

MD5
6a66da0b7d11d0b680464052906966bd

SHA1
35783da34c9f31920fb780346ed89d83973522f5

SHA256
033a02d01cae4c94a890dc4449d4f60143793be5b15e3776e0d2a24aec9c35fb

SHA512
bd2de7b4bfff32dbebb487560fc0dd637f4b15495f19a987f1b59bd416dff009189e29bba3a0c28a10cd72bcef3a7b8216463661821362419eb8cc8b710aac55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
10KB

MD5
accc2adc3041f4ef7be18cb6d3f8cfae

SHA1
de6c03e9b6bfb65b51dc35a61b679fe5328f3115

SHA256
4e6437b81b99ce65ff1e53adf41dcdb4254597bd5906572a627dec44c16845b2

SHA512
175936be9c38da60c4e1ca521b030dde045e431680ef3865f0b4c55a087f32d4e63ed722f9a154a855b912fffaa26b5da694dd163a0e20a35ba5a3a90a1e1944

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
10KB

MD5
9733af38341e8aa04221d23801a59435

SHA1
7375347dca28b4ba6a4d8b02fbc4266847c3561f

SHA256
a1e0335d8e0ab00099295ee428a30e3151337083e2a0b4ba76aa8002096b6f4b

SHA512
5e76121f59850af8c85ee046e02af7a1e65ca10c7ad7e17bc82ef1bda0970cbc7263b0f9bdf6a14bdd748144eb0a4671c02dcb789dd13435aa74cbbf96628e6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
12KB

MD5
9950fc122fa01442cbc6874237858f0b

SHA1
654ae4d03b577889b41d136a702584c711bafc39

SHA256
930169c2454b8ea8351ef6adcd6a677c07c6c07bdc259f8ea8fd3188da43fda9

SHA512
108ebb7211a4f79e999f978190ce4d6df2ea2d80ffc183d9f9dd2527bcada8929d7aaf43f3430e32a3078a325e50be57ee580637469513f6b462d33d0c1f8895

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
3KB

MD5
a986b427ad80db08bfc5ea9fd6860fed

SHA1
b234fec38881f6e74115f14e034b38a36584d8e7

SHA256
80d2c4ddd5171949f34bf3a74bdca06f87401300fe876e656aef00cc279bff43

SHA512
60f9698ef4289711f4116b8a0c11d8711a66c661902fc0db7f2b1f3ab4d5bbe9d21265516655f9522e4483baaa8bb0fb5045fa6027b23dc50d7d9e07fd2085b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
4KB

MD5
78aa348f85585723cbdd7bc1c111b894

SHA1
a5124ab177cd61c3d5ae78114e217a7c67bbb3a7

SHA256
776a991a0a11c95659f37de7a866687a1655568b226f4f4d6ca28fe48e870472

SHA512
de99642426a4226c5e135868b7f6cfbadae466105d27de6854996ef9cf59e593ae83325c5cd0d53f9685a7cd4c13add600a09bc83589e0b9823fafb95b8f75de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
8KB

MD5
b546064a4d840a08c49c2ec2b68679ce

SHA1
9003cd15e4e85e518874fe0b927ededd53594bf8

SHA256
b38588358b0320582f07cf87ab074df636d6804922c43e484cf1b5d62e219ab9

SHA512
bfb6cbaa70ce57637dc5385d2f097ce618f150d3fc61cef366bcc4b04f6292ba89ff93dd07a380d9c3087e27e002ef4c85cbcb41673d09e675f0a9bf50a4adb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
8KB

MD5
72ee5ee1d93b0ebc66eece4f286fb663

SHA1
bc26b121aaa593f57d5979270d6320b2eaab44fe

SHA256
9ffaf04ff7b204a3305acbffcf05bd58ecadf8ea5ee3a2f7da30e9a8679067c1

SHA512
a1dbe822a112c4dffa1ec6144fc9d9232bd8ff3b888ff25c744b28d8b8ac9490c5ff571bdf4281e899fe49bf14586feeee3b4e203b55eb0208efc493c2a6d10c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
8KB

MD5
e287afbf809c1078c1962293bf3c7a9f

SHA1
3c19fc614659c2bfe2c234987b6053a6a3442ed2

SHA256
e7dbd4f9844f13223efaf008de0b54691c7ff872dc40b0da25090f027120db52

SHA512
a1cfe65fc276fb8ae34c30c012c2b0f83ce785d1c11e1b5cb24d5d1afbd43f5bd6bb5c4d6e3392d97a9cfa1d71056b37a37dea11256b0f4a3a225a3fc39324f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
8KB

MD5
be4e16e208def76c353007c33d79e89e

SHA1
abe0d7b8087f23a781b70aa3c94958375feddc64

SHA256
ce269c973493517eb10f988748c41e054c70ef68c68a49cb402eb5732a89a1c0

SHA512
649a6c6075f44724cc0ffa7be3d59914a669f911c88893968bd00ea55ce627a2aebe770c5cd0e73403de3e264b120e340a7f38ee92388fe1313c170eac0137e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
8KB

MD5
858a058a6002c750dfa7ed2be31c5f21

SHA1
055621a510ab833928b93b87cbfa2855e20fecdf

SHA256
a203cae7b8e8c147518ff4db0ded00d4937014f08f415fe6d0f026ba209ea1a2

SHA512
cdcc1534fb0ae4088f459119710c1b89ad7fa5d33c43c428e61006814de7da434cff903d6d59616f54d1b051e4829de82df5070f2598f950ae10ed5d330e8598

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
8KB

MD5
baa0f4595c7c9128310fd85a6daeecfd

SHA1
b2d3141ed796d43bb159cf58a6c2d7a0ec968109

SHA256
b22b46cff7d12aff5dfe1a3d176b277b15e3cc9296022f4caceeaed2e7490e7b

SHA512
4cff68baf484d7a450133b6649b04a587015281e96e821af2331689f71700b553fae939d67c962340704ed79882d103ce12e86b32c0cb46177dda77673851e58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
10KB

MD5
000719feb78fc2852c752c3e6343279b

SHA1
7fd73076d7a9f6800d1f37f2e9c9cbafa6a3704b

SHA256
97c8ce1c8c5a808efbfb0a958dff17397eb703c4b3dcd977eac1242a7796112b

SHA512
9803279047c2633669357cf8a30e7393e2c2edd605f12620ebee1d919c358f3b44c540c12658efead6cb3d49406c7fb36a5b3facc15fb6e82c680520e3403efe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
10KB

MD5
3bceab4d93ef137d5b9655c0a5292af4

SHA1
4f4a2eb1bff1efc5c7b7494989696ba9901f47ca

SHA256
b40ad2cd27a564aad8953ff67a8e831b8fe6ecc718c1dfb0ae4f52f844fde637

SHA512
b8c1e603beabc0fbd8c7d6aed7e0aef92b1b64d1c833a7767115497f66d758da272909be05c14f7cb58777e24954e477bfad5f9792428801f47e5024c9a0ebe9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
8KB

MD5
983914c6d8c297588b86dd7b46073528

SHA1
c83dfb7e69a2de2fb0c76b993905e6b361690f8a

SHA256
590ab0422156d7209e0582532615460c6fcafd991f5fe2a109d0491ec1d7f50a

SHA512
f0926a6219075f3e15d0ba0f0e58e1dcebf4412abda809beb4d5476e3b4a895dad8c423ca914ecfdbf205b25ea91c6e6621fb43eed30ac8c3a053356dc4dcdf2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
3KB

MD5
16796c2a463f2b12b3b9fcea8794d5f9

SHA1
021947acbbad69e9203f309912d02d44d029aa4b

SHA256
26f399ec13deb320a4f8c3230bfbc19055c599a29938d6eae318136f9d56aac7

SHA512
ddb06dc3806266e93bce59016c771b2715d86819d89bba33eac395ab3a17e259df953169f87062af2bfa06c4f052f4681efbb8ee8e7ffe06c304e6a685c77043

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
8KB

MD5
69b091e200f71f22475b4928c0c52a38

SHA1
c20ca04e3a70066103e4784caa3d4e452502070c

SHA256
8fd308c6487898a7282c6c712113989694ab31eb576d33810186bf7f3946c72e

SHA512
a7769d520ee5a78db008b4d844eb7ba0fa80f7a3673b04bed45a9072fb0510604453a649e2a4f52ea245737c288381c369f7c1dc94640c0de0995e7829254e66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
11KB

MD5
12b321b90a64eff8da543e3270e2fd1c

SHA1
228ca726c321f5079251ec01f747d7a1aae3ed75

SHA256
d6760b11ab7e9284f35efdce64fee6d94028dec49a1df954422cf45785c2be59

SHA512
43a2368dfb1f3926a08d3c89eb6948104c1049953fe76424758f53ec82192086f30996790a3c3ec5d694ef6416a8e1997101c1a7f321b34155cc741c18b15625

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
9KB

MD5
35c0d929ef6da170bfcfa140df1b6bf7

SHA1
bdfeb0b45b9ec1867be3f90548aae33c58269b84

SHA256
da5d4751bc371020e553dc85d959713bf96773e59533d9d0638cd963f4d3a81a

SHA512
c5f75b476f32e544a13e43465ebf95c2ff836bf282332913cf8564b2dc8294cf13ad60ada71c53f309352796d5a4391ba6f303e84dc5e0d3e0e5d1f9d869f50d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
10KB

MD5
81d05ca2d0b4c01e8001363f5dfa698c

SHA1
0fda09050628750c1745ed28bc44f7b891d9c302

SHA256
6fb70535e9f4449be8d14c847de5eafb6091db130b2b18a4b5c7b0eac068c556

SHA512
618971f8a4fe5787bf9756c509c2ea7ecac036b6a1c9a916e35588a01e58369cd572b161d86052650989e4ac5398b7a9e5f14b22b8d309f2d3ff625cbf5c9b15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
7c55ca334e97a3c307966160d63a0a7f

SHA1
b4a0bbb547096b7362273e43e75e75d8d804a593

SHA256
91ef1a6915bbc23857d8b42c7d8b2e9f8e22bf2f30042f83ed502c7601d3235f

SHA512
f34230c7c8576be04e24381d563a4efb05f5a6ee420079a45fbf8655c0ebe3a2555703ed550b90175a740f825683f56b912a2e59dd67aaaaf445a3e1bb8a5f6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
8KB

MD5
e61fec811d8739129cdbb9d0cd9ad080

SHA1
2e5a3e9abcb55e9b7d0539f82d47c332ca18a48e

SHA256
50e2ae2371293a7065edb4622345400cd23601fd15ace4ad35314fa9538620dd

SHA512
da30e480074832f5c81b2a598306057edf72e9c9d35f581c1bd5b05a39059b760a4fa7657e229f670eec9d13a58c27cebc70051289061f107c0e5ab5ee11bb63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
12KB

MD5
964f281dab78f408416ca0c77d864603

SHA1
36fbb093ce117fb8da536c678d0cae06869eab3a

SHA256
de8bb71be2d7867e12daee9195f41275b952b5b7077f97a8f6e55a06deb90006

SHA512
4cc78a516ce54b2cd22d61db36436443230c3292e02d02f03a3ed68baacb129a48131b4be77f8512178c4e3436719138d1f476c6e901139fb256159b998c9a50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
8KB

MD5
3066bac3c01ace52d12891dd3b856ee8

SHA1
478a9974b6c3fe3ebc07f098979e2c126d638270

SHA256
b9561c79101eaebd940cf1a4814472280d6ed1f1a324360cc55643f8e26b3a7b

SHA512
846a9fb4f52242d3f3e9d306e7b1b5241e96796a35d36e3d49fd49499bf325583be80f023e3983e484ef2efccfb334942f3617ac1e7f76d4c8001ff0594614ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
4KB

MD5
4408a790fb833ace6868cba199500559

SHA1
f53bbf8bf695f5c85a5f0fa77ac75ca6d2d8a53a

SHA256
2a4720cdc0288c86cf96a97e44efdab729c993ea944e32f8652438ed55eec0a7

SHA512
d5fa623316663b3fad1b353b13256e66ceb8bf66699716c284aca70245ace3f32ca67a8b4321cfebc4d4ac683d8390fc5a383d6d62931a9aa520d43faffd67ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
4KB

MD5
a7599197e1b2ab2a6e892b5a803e024a

SHA1
2dc73d530df8d82818584311de49c48a3e215c7a

SHA256
216c94c09d9de12ff1f6b012de4cbcfd6952f791f1db70a7e75913ea9451b858

SHA512
22c9ce90cf205505473c088df4d90315add93c6c6717553ec73d8c8681f45e90a49824f49d159deb7045f267b9f4e97d895dda22d94560dc61a20989df5a6515

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
73096cc2483d9a70dc5e6b7b09fbf759

SHA1
b1fc24b988c7ea98fafb2097e961ec6500653cf9

SHA256
0885df17bc8c8ad288ab28ebc3b28aa89e91eaac2530ebe0d229b8e5a146e1e2

SHA512
515ca0fbfd55c2d3ad951f2315577f2c830189f4a7e73c48df2a93500f6781f918b046dd43bbd4ff7e69f8728c998387f8e03857a7ebeac2ccae2f09f8983105

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe598a93.TMP
Filesize
370B

MD5
2d79dc74abe21a8825ded1f52b333d58

SHA1
7d15ab38460036562c5bd7193b3cacfaeb89899d

SHA256
e1dffc10666c02c1ed413988d3828e7331ad5995b2b546490c0294ba195d0a8f

SHA512
9a3b72e18c2934762b8c2638fc7def89cd07ad091baadc201668a5874a396f930af93ea9afec1847b409104ba14506566cc5573e4efb2cbd4636fa5d8044f915

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
13c22c522fb76170de081d3d1f769a3d

SHA1
99a5576d16cd6d3a00491f419a85a7dfb8426844

SHA256
275de9a8e2e4f654b941665af5fe1c374ab8c0b1947cae1e0bd762fab671ca08

SHA512
0ab446aae229d0797f29aa122759eb00afe0f9c53329ca831d6124a8f666c6bcfb9843a223e4d378178476f1620f52c007ea6fd8ce6c7dd6b9c0f0bb9c341e43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
574b53baeb23379a9d376b22b0b0bdd3

SHA1
cb0e60725f2d0f3346f31110417ca6e217ac5e2f

SHA256
23179de0718b66e1077b29fbe1eb467947741fa392a70c4219e497594e6cb793

SHA512
0c2137f0e10c67bf7075121a88857bcee2ba8df33fef1dba72668f417ca7c03f086ceb9b9efbbdade47df4e777ad47f121331d5d3ba3b3ea4c64db5a7495f62f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
372e177c760cc3bc549e8e930dde9e4c

SHA1
90933db084b24cb30a896c3a7b39bb2ff96bfd0a

SHA256
85a308436ebf5a52ca5aaf98d52a482b6a3d505b44aac98f234c0823ec4179e1

SHA512
6aeac3464ee6cb7d30cad7685537b4e29ae74f7bf918c570029f478f4281a2b59d994447fe9d1453b5635ff7cb9777f9afafc0d24d738ce3d7c4e91b1754ec9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
bb9e36ab44734fcb4a0bf58af08e6520

SHA1
476e096db22bd3fc32b3c6ca96caab9cab2ad32e

SHA256
cb8d37fd05b82d8fe780980ec91e7cf8be0fd2bde88345a5ac8f65c66d17a8b4

SHA512
bc6999f304bc8ae75bf90fd2b2a799e3763687040d72e49882942634a4c47c0800a8663b287a18b1367c98f05c0cb1b97def18757eb246dd98dc618006a15aba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
13696c92fa88b400528842e923de4b8b

SHA1
52823c2b9591180e31ef5e06f5c7c6ab2cc7344e

SHA256
0106d9c8ee316399e025ede341b71cdbe370a3c48238a84f5ab716516989bc06

SHA512
d4d0a3bd7addc30fc7593774410dffbd5a5f26c9fa605fa4fc46f827f2a91eba26ba8c6442eb90adae275e7fbb801c859e51510577b48abd21a3d94dad7a3481

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
e5c33b06d07d54b89893d3e62e9e3612

SHA1
f0769a234d41366aa8e920a58ead4cf1e1530a61

SHA256
3189756aa7bee5892c7040dbdc9409b51b927e5bc66ee4c85a60a95d3133aa23

SHA512
148bad9ba49d854b011e956975e1d6151d630a84aab75b59827df162227658231ef583884a2eecbdc501dcb72ca0d46ed4ddb80ef2303b8fed390e5bdeb9750e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
080d61a12fde1a8be66e5b118cc30648

SHA1
979f044005516ed7caf771babdbc955028fa22f8

SHA256
c055bfaa2ad31fb4efaf46c4297d435fdece55afc9adad6f740b7a9d7355f0b6

SHA512
e38e21c9f74bf6e6ebf78dd70d03b07067a4b3960ec95184f5592c8438f2bb711fd52b014c53e82cfc9085ab571b6a8d7c5a68503e0001585941f49584f6db5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
0415c4076e01194e62a850d0e95fca77

SHA1
9711df2c2514b851dd7a0b608d620828c2f6c858

SHA256
94f0a798af2ae654411ecb47395aef8e7e805509db88201dec79b9d45e6de2cb

SHA512
1651350d127df472975176160b0c847bdfeae26d22caa8a1b938aa24479b2943696d3893197a8a15e215a12004e1c7e32e9de34764d9b383eef75f959b75679c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
8a18570a68a76c2bac91d42aa63e235d

SHA1
b8be4ce14a9c407ef1e55cbf7ddd3c61904d036d

SHA256
eafc105873d10cd23f3e2ffb05ed0245c4bfb59a9b32cbaf2d66985a8c0f664a

SHA512
aaccde5d864b32aef47f28638586cdeee4a2f39ede6ae87e3e52743d75061473a6c87064449f07b849f05738bab5f26461f1f534ca772634f1c3250e86cd1cc2

Download Submit
C:\Users\Admin\AppData\Local\Temp\50A06AD6-C513-4F5D-83CC-00CEF1B39F45\AssocProvider.dll
Filesize
136KB

MD5
702f9c8fb68fd19514c106e749ec357d

SHA1
7c141106e4ae8f3a0e5f75d8277ec830fc79eccc

SHA256
21ad24a767aeb22d27d356bc8381f103ab620de1a47e374b9f961e44b543a358

SHA512
2e7d403c89dacdda623ed1a107bac53aafde089fdd66088d578d6b55bcfe0a4fc7b54733642162bd62d0ca3f1696667a6f0cb4b572d81a6eefd6792d6003c0d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\50A06AD6-C513-4F5D-83CC-00CEF1B39F45\CbsProvider.dll
Filesize
1004KB

MD5
f51151b2d8d84cddbedbeffebdc6ec6a

SHA1
adc9c19aa0663e65997f54835228968e13532198

SHA256
7fe4e4924fbbfdf6d772cb9d0a4963d49f6aa18b3c86a2e8df6ca49e22f79884

SHA512
802b58617be5e92bfc0c7f8c8d7443128d81908ae99d9a4ce0a785f858dc7832c70dc305f2ad39c9f57db01c05f483f6bf949ad8811fc6fb255c5aee88c729b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\50A06AD6-C513-4F5D-83CC-00CEF1B39F45\DismCorePS.dll
Filesize
200KB

MD5
7f751738de9ac0f2544b2722f3a19eb0

SHA1
7187c57cd1bd378ef73ba9ad686a758b892c89dc

SHA256
db995f4f55d8654fc1245da0df9d1d9d52b02d75131bc3bce501b141888232fc

SHA512
0891c2dedb420e10d8528996bc9202c9f5f96a855997f71b73023448867d7d03abee4a9a7e2e19ebe2811e7d09497bce1ea4e9097fcb810481af10860ff43dfb

Download Submit
C:\Users\Admin\AppData\Local\Temp\50A06AD6-C513-4F5D-83CC-00CEF1B39F45\DismHost.exe
Filesize
168KB

MD5
17275206102d1cf6f17346fd73300030

SHA1
bbec93f6fb2ae56c705efd6e58d6b3cc68bf1166

SHA256
dead0ebd5b5bf5d4b0e68ba975e9a70f98820e85d056b0a6b3775fc4df4da0f6

SHA512
ce14a4f95328bb9ce437c5d79084e9d647cb89b66cde86a540b200b1667edc76aa27a36061b6e2ceccecb70b9a011b4bd54040e2a480b8546888ba5cc84a01b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\50A06AD6-C513-4F5D-83CC-00CEF1B39F45\DmiProvider.dll
Filesize
436KB

MD5
e54120aa50f14e0d3d257e77db46ece5

SHA1
922203542962ec5f938dcb3c876f060ecf17f9dc

SHA256
b5fb1a5eb4090598d5f878cdd37ed8eca82962d85995dd2280b8849fba816b54

SHA512
fbce5d707f6a66d451165608520be9d7174a8c22eb9827dfe94d98718e2c961f15ac45583b1743f3b8078b3fe675992d4b97bfc5e4b893b60328d94665f71dc9

Download Submit
C:\Users\Admin\AppData\Local\Temp\50A06AD6-C513-4F5D-83CC-00CEF1B39F45\EdgeProvider.dll
Filesize
200KB

MD5
c22cc16103ee51ba59b765c6b449bddb

SHA1
b0683f837e1e44c46c9a050e0a3753893ece24ad

SHA256
eb68c7d48f78b46933acba617cf3b5fcb5b8695c8a29295a9fa075f36910825b

SHA512
2c382aaddeca4efda63162584c4a2338ffcc1f4828362ce7e927e0b39c470f1f66a7933ae2210d63afb5a2ae25412266fde2ee6bdb896c3c030bdc08b67ec54e

Download Submit
C:\Users\Admin\AppData\Local\Temp\50A06AD6-C513-4F5D-83CC-00CEF1B39F45\Ffuprovider.dll
Filesize
680KB

MD5
a41b0e08419de4d9874893b813dccb5c

SHA1
2390e00f2c2bc9779e99a669193666688064ea77

SHA256
57ce7761531058f3c4289b1240bea6dc06355c9c4b4e88b9c9c0df8012edc5b3

SHA512
bd370e49da266148d50144c621f6415bdd5358e6274b1d471b8d4ee1888d93774331c3f75e6cb99782f1c8e772981cbc5a4baf5592c6400f340407dc670e547a

Download Submit
C:\Users\Admin\AppData\Local\Temp\50A06AD6-C513-4F5D-83CC-00CEF1B39F45\GenericProvider.dll
Filesize
172KB

MD5
20fb116831396d9477e352d42097741c

SHA1
7e063ac9bc173a81dc56dc5864f912041e2c725a

SHA256
6a940ba16154c4a1729b8560b03efb5f2558d66b10da4a5ec26c1299ea713bc4

SHA512
851843da748555eba735e1f5457044f24f225bd029534019814a6d1baf2e0bd1f171d297c362cfed5977274b266e823b7ad131ae2512568f7a5f2e3ea498b69a

Download Submit
C:\Users\Admin\AppData\Local\Temp\50A06AD6-C513-4F5D-83CC-00CEF1B39F45\IBSProvider.dll
Filesize
84KB

MD5
f6b7301c18f651567a5f816c2eb7384d

SHA1
40cd6efc28aa7efe86b265af208b0e49bec09ae4

SHA256
8f4e3f600917d49ada481ff0ed125fef4a316b659bb1197dc3036fc8c21a5a61

SHA512
4087d819706c64a5d2eed546163c55caacc553b02dc4db0d067b8815d3a24fb06ea08de3de86aac058ff2907f200e4e89eef2357ca23328aaacbe29501ea3286

Download Submit
C:\Users\Admin\AppData\Local\Temp\50A06AD6-C513-4F5D-83CC-00CEF1B39F45\ImagingProvider.dll
Filesize
248KB

MD5
4c6d681704e3070df2a9d3f42d3a58a2

SHA1
a9f6286ac25f17b6b2acd1fce6459b0bc94c6c81

SHA256
f1bbab35b2602d04d096c8de060b2a5cf802499a937fd1ffe749ff7f54852137

SHA512
daa0c723312680256c24457162e0ef026b753ba267f3e2755f838e2864a163802c078d8668dd2c2064cb8887f4e382a73d6402a5533b6ac5c3cbf662ad83db86

Download Submit
C:\Users\Admin\AppData\Local\Temp\50A06AD6-C513-4F5D-83CC-00CEF1B39F45\IntlProvider.dll
Filesize
312KB

MD5
34035aed2021763bec1a7112d53732f1

SHA1
7132595f73755c3ae20a01b6863ac9518f7b75a4

SHA256
aac13ddb9ab5a165a38611f1b61229268a40d416f07740d4eefba1a8fcf7c731

SHA512
ea045aa46713133a5d0ad20514cc2a8c8fffb99b4e19c4d5262f86167cfce08a31d336222fd3c91e6efbfd90312bb2325337aa02a8489e047b616085fdf46c1d

Download Submit
C:\Users\Admin\AppData\Local\Temp\50A06AD6-C513-4F5D-83CC-00CEF1B39F45\LogProvider.dll
Filesize
108KB

MD5
c63f6b6d4498f2ec95de15645c48e086

SHA1
29f71180feed44f023da9b119ba112f2e23e6a10

SHA256
56aca41c62c8d0d1b26db3a01ef6c2da4a6a51fc963eb28411f8f7f029f1bfde

SHA512
3a634340d8c66cbc1bef19f701d8bdb034449c28afecce4e8744d18181a20f85a17af3b66c8853cecb8be53f69ae73f85b70e45deac29debab084a25eb3c69dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\50A06AD6-C513-4F5D-83CC-00CEF1B39F45\MsiProvider.dll
Filesize
208KB

MD5
eb171b7a41a7dd48940f7521da61feb0

SHA1
9f2a5ddac7b78615f5a7af753d835aaa41e788fc

SHA256
56a8527d267116af39864feca528be5b7a88c3b5df94750154b2efcf2fda5d55

SHA512
5917266aed1a79ee4cb16bb532ccae99782d0ee8af27cb42a6b39496c3de61c12a30ce524a1a66cc063101ebcfac957d1b129aae0b491c0587f40171ba6bae12

Download Submit
C:\Users\Admin\AppData\Local\Temp\50A06AD6-C513-4F5D-83CC-00CEF1B39F45\OSProvider.dll
Filesize
180KB

MD5
e9833a54c1a1bfdab3e5189f3f740ff9

SHA1
ffb999c781161d9a694a841728995fda5b6da6d3

SHA256
ec137f9caebcea735a9386112cf68f78b92b6a5a38008ce6415485f565e5cf85

SHA512
0b18932b24c0257c80225c99be70c5125d2207f9b92681fd623870e7a62599a18fa46bcb5f2b4b01889be73aeb084e1b7e00a4968c699c7fdb3c083ef17a49f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\50A06AD6-C513-4F5D-83CC-00CEF1B39F45\OfflineSetupProvider.dll
Filesize
213KB

MD5
3437087e6819614a8d54c9bc59a23139

SHA1
ae84efe44b02bacdb9da876e18715100a18362be

SHA256
8b247665218f5151f0d19f59ea902a7c28f745d67a5d51b63b77242ffb4bdd74

SHA512
018e88f6c121dd4ecaceb44794e2fa7a44b52ddb22e7a5a30a332905e02065cbc1d1dcddc197676277b22f741195c1b7c4c185d328b096b6560b84e9749d6dde

Download Submit
C:\Users\Admin\AppData\Local\Temp\50A06AD6-C513-4F5D-83CC-00CEF1B39F45\ProvProvider.dll
Filesize
800KB

MD5
2ef388f7769205ca319630dd328dcef1

SHA1
6dc9ed84e72af4d3e7793c07cfb244626470f3b6

SHA256
4915b0c9cd8dc8a29dd649739974d244f9105dc58725f1da0d592af3b546e2bf

SHA512
b465917424dd98125d080c135c7e222a9485ed7ec89004f9a70e335b800e5b9419fbc932c8069bae9ff126494174cf48e2790030dd22aa2d75b7b9d8ccff752b

Download Submit
C:\Users\Admin\AppData\Local\Temp\50A06AD6-C513-4F5D-83CC-00CEF1B39F45\ServicingCommon.dll
Filesize
944KB

MD5
07231bdae9d15bfca7d97f571de3a521

SHA1
04aec0f1afcf7732bc4cd1f7aab36e460c325ba6

SHA256
be75afbbc30cad7235adf03dcc07fcee3c0c330c89b00e326ebbef2e57df5935

SHA512
2a46e0657e84481faf5c9d3de410884cb5c6e7b35039f5be04183cdac6c088cc42b12d0097e27836af14699e7815d794ca1cec80960833ab093b8dc6d44e2129

Download Submit
C:\Users\Admin\AppData\Local\Temp\50A06AD6-C513-4F5D-83CC-00CEF1B39F45\SmiProvider.dll
Filesize
272KB

MD5
46e3e59dbf300ae56292dea398197837

SHA1
78636b25fdb32c8fcdf5fe73cac611213f13a8be

SHA256
5a0f1279013d1d379cb3a3e30f1d5be22549728cd9dc92ed5643eacf46199339

SHA512
e0584da3c302ea6ffa85932fa185500543f15237d029fdc4b084aee971ec13967f9e83cad250bea36b31f1a3efb1cc556da7dd231e5b06884809d0af51ebdf8c

Download Submit
C:\Users\Admin\AppData\Local\Temp\50A06AD6-C513-4F5D-83CC-00CEF1B39F45\SysprepProvider.dll
Filesize
820KB

MD5
4dfa1eeec0822bfcfb95e4fa8ec6c143

SHA1
54251e697e289020a72e1fd412e34713f2e292cf

SHA256
901cea68c7a158a1d9c030d3939f8f72057d1cf2f902aec1bc1b22a0000c0494

SHA512
5f3f710bef75da8cddb6e40686d6a19f59fbc7d8a6842eaceb9a002ab284a91ecf48c352171e13f6a75366610988e67710439f1dde579311ebbb3cd9e4751aa4

Download Submit
C:\Users\Admin\AppData\Local\Temp\50A06AD6-C513-4F5D-83CC-00CEF1B39F45\TransmogProvider.dll
Filesize
1.3MB

MD5
c1c56a9c6ea636dbca49cfcc45a188c3

SHA1
d852e49978a08e662804bf3d7ec93d8f6401a174

SHA256
b20b3eb2df22998fd7f9ff6898ba707d6b8833a8274719a5e09d5148d868faaf

SHA512
f6db05e4644d734f81c2461e4ad49c4e81880c9e4beee13dbbda923360ef6cf4821fccd9040671b86ab2cd8c85fc313c951c1a69e4df14d94268753ce7ae5b2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\50A06AD6-C513-4F5D-83CC-00CEF1B39F45\UnattendProvider.dll
Filesize
256KB

MD5
7c61284580a6bc4a4c9c92a39bd9ea08

SHA1
4579294e3f3b6c03b03b15c249b9cac66e730d2a

SHA256
3665872e68264bbf3827c2bf0cfa60124ea1d87912728f2fc3685dce32855cb8

SHA512
b30b89d0d5e065042811d6ff397d226877ff698aeb1153681692aedabe3730e2f3746ad9d70e3120e336552bab880644f9ead0c91a451197a8f0977a2126a0fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\50A06AD6-C513-4F5D-83CC-00CEF1B39F45\Vhdprovider.dll
Filesize
596KB

MD5
8a655555544b2915b5d8676cbf3d77ab

SHA1
5a7529f8a6d50d3f4e13b2e3a0585f08eb0511a2

SHA256
d3a2dd7d47bfbb3897b927d1b7230b5b12e5fd7315d687458de15fbb08fb7e27

SHA512
c6da649ae3c3688065b37bccfb5525ade25ba7bc3b163ad7d61f3b3d1c4957c8fd6c9f2bf23b0dbc4fffe32e980acb5a5d3895b8a012c5ed086e3e38caee2e93

Download Submit
C:\Users\Admin\AppData\Local\Temp\50A06AD6-C513-4F5D-83CC-00CEF1B39F45\WimProvider.dll
Filesize
672KB

MD5
bcf8735528bb89555fc687b1ed358844

SHA1
5ef5b24631d2f447c58b0973f61cb02118ae4adc

SHA256
78b742deddee8305ea06d77f296ad9fe0f4b4a27d71b34dcdff8ae199364790c

SHA512
8b2be4e9a4334a5fc7f7c58579c20974c9194b771f7a872fd8e411d79f45fc5b7657df4c57ad11acb915d5ea5d1f0583c8a981b2c05104e3303b3ee1469b93f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\50A06AD6-C513-4F5D-83CC-00CEF1B39F45\dismprov.dll
Filesize
292KB

MD5
2ac64cc617d144ae4f37677b5cdbb9b6

SHA1
13fe83d7489d302de9ccefbf02c7737e7f9442f9

SHA256
006464f42a487ab765e1e97cf2d15bfa7db76752946de52ff7e518bc5bbb9a44

SHA512
acdb2c9727f53889aa4f1ca519e1991a5d9f08ef161fb6680265804c99487386ca6207d0a22f6c3e02f34eaeb5ded076655ee3f6b4b4e1f5fab5555d73addfd7

Download Submit
C:\Users\Admin\AppData\Local\Temp\CPU-V.dll
Filesize
84KB

MD5
c324caacf1859269a6d0e7465644891d

SHA1
3b962eeebdcad3f99d1d74d417186b9e24417d84

SHA256
62cce2c15b1b06e3f7cc89c6707b437b010163d93ece7d40c349103d097987fb

SHA512
51a631092201de03e144e9a7112ae0af095379c9139fc309a043f8b71e593453230ba75d2089be82c59e5a62d353b0dc2294d850d42645d398e9e6ac08c238d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\CPU-V.ini
Filesize
11KB

MD5
71aeb97dda8b98fb3dd0eccde3610b73

SHA1
48dbad3303ffc7814a8e1c5962f3058f0b298257

SHA256
ba2267e8aa29108d63fd826e1fd3481bf905b4f1ec6f5de87ecce49378f8dc5b

SHA512
317ff8c725a72ed8d9f065b8e78c62193bae3a66d4ac8f7e163f04fb5b26ce98b6343639dd5d91481a9f44fdc49ea350baf7947858425b250c18a4d00c59b3fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Setup\ds.dll
Filesize
79KB

MD5
d9cb0b4a66458d85470ccf9b3575c0e7

SHA1
1572092be5489725cffbabe2f59eba094ee1d8a1

SHA256
6ab3fdc4038a86124e6d698620acba3abf9e854702490e245c840c096ee41d05

SHA512
94937e77da89181903a260eac5120e8db165f2a3493086523bc5abbe87c4a9da39af3ba1874e3407c52df6ffda29e4947062ba6abe9f05b85c42379c4be2e5e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_1o4wjtxx.1pi.ps1
Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\nemux-downloader-9ffeea45-6ab5-411d-8e1b-a526a22f0992.log
Filesize
455KB

MD5
1642d6c0e05438fe4efbe6138f3785f0

SHA1
49aed21776e071d6b22ed5e5b1ea31ecb80739ef

SHA256
2c4fc995534d68bd5d2347562556e53f8cbcd73f1c88e5ac3f919ad75e58361e

SHA512
43e0baa6645f1828b524e1579c70376cd4b95f4b52bab9365b5719d62892cb0430a2d8d12e3f02f9ef5f16b711dc6df56251988f746cc9455bb9660009307c27

Download Submit
C:\Users\Admin\AppData\Local\Temp\nemux\MuMuPlayerGlobal-12.0\nemux-HypervisorDriverUninstall.log
Filesize
50B

MD5
abdafce361b743ce2b265c8fa2b9c1ae

SHA1
dad27f32a35288ec4dd75115e2b73932968c0241

SHA256
54aa3c35d1230b46f7b3db82936b288312f7b1ce654a77252d170c5f38aa9124

SHA512
fcb6f7c029dd38cee4d83af4af4a0942c94af053c2e69f32566ab214febb413509876c79cf0450d7a0f81b167994aa15f2d861c3d55ebcafdabef2fb9315a939

Download Submit
C:\Users\Admin\AppData\Local\Temp\nemux\MuMuPlayerGlobal-12.0\nemux-scCreateMuMuVMMDrv1.log
Filesize
76B

MD5
b389125ba0e9d4252f8bc5cf2e164f0e

SHA1
fe0a9a674e82b6c008146f653fef68fdf4f120a1

SHA256
165fce4e89791c932caae6b5296da9f6f8ae65ae959da811dc7acb9a6abbd352

SHA512
cd91e53b5da442ed1b75d56a1eb86bae520a50ddfbfc2d35f02a18a8a4ac5b61f2b0406e0d8ef05dfd43c3442e8ead04e7006b0eaba8a2ae49cbd725378f4854

Download Submit
C:\Users\Admin\AppData\Local\Temp\nemux\MuMuPlayerGlobal-12.0\nemux-scQueryMuMuVMMDrvBeforeScStart.log
Filesize
270B

MD5
0649d4c069fb3136de50d9ebe44b7cac

SHA1
a58bf5d93120eb91eab5ad7af282c99c0e36c4ba

SHA256
aba93de5e732f49ecdd398b49f44752478a6ba279222bfce8b622a37124fbcf5

SHA512
829daae9029c6741c06374f2b7f642e88d3f5707d7eb9ef45692a16d1a05f8d6f66305ddf51a222a8748157317f76c5115cbf1bcce0cbbb4b0c4e56a50813854

Download Submit
C:\Users\Admin\AppData\Local\Temp\nemux\MuMuPlayerGlobal-12.0\nemux-scQueryMuMuVMMDrvBeginUninstall.log
Filesize
122B

MD5
6bbcfd360c0797e6650f0d3cb1c36109

SHA1
e22b5f6a4654134d687a3908464e67faa23d84ff

SHA256
df023ca139e8dcb21f0d4a603b34af95f980c1e388c97e4735dd698d0329113c

SHA512
0281c1cc1b104c73f130068a905e37b75f3c3a40884d3e2cc421aeaf6a3c6b938393894fe750fa7de44b9d0a25f9b3c11bb386fd133b3d710a549632ed9ea604

Download Submit
C:\Users\Admin\AppData\Local\Temp\nemux\MuMuPlayerGlobal-12.0\nemux-scStartMuMuVMMDrv1.log
Filesize
259B

MD5
13afc9906554e0f3d222d7cf6b11a94d

SHA1
08cfb5c4afd4c2670e3c43157215c17dd86d1f4e

SHA256
0fc284c7ea4832eee9944694090f1feda6e44f4695aa8f3e04dded56b6f47bae

SHA512
1b8825014d6539ea504de1a50b9e203ed8bf036d7d17615b6bf7c918da9034732239785b669ef91d7968c9ab4898542cf17fffd2018c62c5c0713fe24ccbb8c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsl460E.tmp\AccessControl.dll
Filesize
23KB

MD5
bb0f26c7a18434ee1d648c7e6743d1fe

SHA1
f7503b348aa7c7691668fbb64ccd541e247f87e5

SHA256
1b4d25f2f544f520c20493ee1e9ac7b3043aab88e4ff87953390d357de4c2096

SHA512
4311e960a4f8f441b25c5ec9a82d64112016ff9c4510dfb082a0c1bcce2d03cb2871912dcaafc5d00f07ed9ac4d6d7998cdcea2bfc84f7180b2f62a2cf24e08d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsl460E.tmp\ExecDos.dll
Filesize
14KB

MD5
e2716246ee731417abee9ea26cec1d56

SHA1
6687e5d8b0b705fcdd9a4020215891d5b7723084

SHA256
691ffd34264d1813827c35083367a08aec974e9f79fb585b7d2d367c83760fbd

SHA512
355bb040570a1ba64a03463a9e6695015c2ffda5f30b7ce801c39ab1a7ba36134bb8fa9b5a1ffd102f6d71091b77133f8d68d305d5c1949ccad2e8eab0258505

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsl460E.tmp\LogEx.dll
Filesize
52KB

MD5
6eba32325d2db645c958c551f0aa2e31

SHA1
b116cc9ff0369af681ebf805a1a3befedd9ab868

SHA256
cf7b45a69a13551db95dcdefc8bfdd4128e1c1db67198347b43469b69c36b844

SHA512
6c48038341bb16ce50b01c99f8ebfc919adfce61008d9718c06d55e92e54625ed2ab6ac850592e847bca61d7d57809dd531afeea4f0fb0c8310cfe1710f37927

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsl460E.tmp\System.dll
Filesize
12KB

MD5
283555de06751c261b66243bbb1558da

SHA1
4532ed4e255ad0163494a02081b45e893ad666f9

SHA256
b6298637fea88a44e4de3f6b7fe254fb73857c08f1dcd8bd1af6f9eb5e6e7e3c

SHA512
469dbb4b7cc0d4f59d903415fbb7ea6417323f0daa2aeb2945a9744668f3d9fa95eb34a9d64a647835b563c74c3484c6d4b823a75119599aa5f975dbe471d3ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsl460E.tmp\UAC.dll
Filesize
22KB

MD5
b7e1d609915cf0b3f9dfee488a92fc91

SHA1
d9c873b39e3cac648742568378fe788b2cae6e84

SHA256
fa3bb333f615689691ff98527dc3341e3b8ffee4bf97c6128820bf0d303930e7

SHA512
ae4a00659f522996600bd0754b2f2706e297939ea616ada66e590409c6c2f28ed7ed39b67a078ae72e9b472a97291c7f3da42339051ef1a3d1941b0368b2e775

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsl460E.tmp\UserInfo.dll
Filesize
3KB

MD5
cb310d97bd72a6ae8fc6e44c88ef9e8c

SHA1
ed935c8f17340fecb7021dddd9dc7de0e23bf487

SHA256
d6fae2e57c84b25b73fe942fb7ba725158b21ec81c9d989845b64ba1ee337c27

SHA512
8351004d0bf86c5577940613cee26803d797b2375038726ce31827d66038664aaf74399d7d5e11c6487012942fb4f147b7021d6e887ac09c39f541991f594f9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsl460E.tmp\nsProcess.dll
Filesize
12KB

MD5
b6cd62358973125f52d756d6d3aee8b2

SHA1
7c9fcfa85a88c507517a659f778355b56cef921f

SHA256
44c14f1edfe7deef518264675e3e4edb6991d5ea0d50f0f6b18a819dc31bbcba

SHA512
a5b756e3e1a31ad7ad9026bc492de2ef8983385e7c920a2e3eea363df3c6d112cea2a0373cd9bd8be1fb3536ee9623c6844b3c7a92d8cf6ee050aeec7cee76bb

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize
10KB

MD5
a28b5f9b29278e3508736443bfa9bdbc

SHA1
be5711d8c1cdcdffaf8c2157545e1f0c995aafaa

SHA256
e80639c39da78c9725950b4aa43f77e06016f0024aeda162fd6e6c7e1d7d795f

SHA512
4c40c0fd403776f3712dce5d3d38cf760b89ae014a6e6234dc95b2ffea605927836c537e6c1abc60832b6532b0c173a4b75e67d63fad56ab0436788f71603555

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize
10KB

MD5
ce7d6805433400d7274841d017a86e24

SHA1
3bd577da350a4bf0ce804c8397fe8b674542d000

SHA256
a0575df2e689bff0f1ea8472b31ee1a6f6176be4f9b0608f739d2bbd3b15418f

SHA512
6bb59531a8c436554fedeb79a2e76295d1ac2b03eb845c800173d8b6d614f4177f517746ad5ea3260d1d7a290015ba307c96654f3612792a4a211393402274ed

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize
10KB

MD5
0c93fae3b730250d6fcd501301500b8c

SHA1
2a5dc4934374181245003433e32cb882c5fc96c3

SHA256
5c73301cacb2eecf6c484e22e820094239168f4365779cd869aaa5856938e12a

SHA512
ca23df9055167f46b2d8d9cdb4fe02cac1c97ab4204600783222d8cfe5b866de69483d506426abe70de894078d2909ce15adb81659f3d1bca94721e1a502f098

Download Submit
C:\Users\Admin\AppData\Roaming\XuanZhi9\ldopengl32x.dll
Filesize
73KB

MD5
b001f88504c8c9973e9a3b4dc03e6d1a

SHA1
a54b3046a70a4f2c792ad6a382b637b599f1dc48

SHA256
8ee4cbed114a588e934b5043f95c9c06f40468c2300fa0d1d938d16c1d46a8fd

SHA512
390e53be657fc35fb2e9f41b76b3b07c161a860d72445a4b1425ca973a6d8c0f32f6de6844719c6e9813e8d949ab65263642dea01c800a00285bd45595bed4d8

Download Submit
C:\Users\Admin\AppData\Roaming\XuanZhi9\log\leidian0.log
Filesize
82KB

MD5
807ae8a115d37da22db42a5a283cd399

SHA1
0d9484bd0dd6efa76d50bf6a49e6c78a296ee950

SHA256
de4a2ae6041932bbc8d4e6624df5856efff0d266c784e22596a351d9aa542e56

SHA512
0cb2e284454b5008b09e14c93a78775f50b25958b725c777dba85940611cd309f41598c0e728db7ce39d5684b50c39166dfbca1ae6fb8d225c5fac3d6d7da55e

Download Submit
C:\Users\Admin\Downloads\5793e592-d365-42db-90c7-3fed9c7f6da5.tmp
Filesize
1.1MB

MD5
40695d01e0b35f2bc7ecbd9595f4360a

SHA1
0898b5a6016b4b442233869342d61144986e3804

SHA256
f899c78c1600beb6df038d9506cba2f8275e7621ca16ff53d74acfa99f6e46bd

SHA512
82d4cbf149626025df25d952a35c17727f46fc18076928f5b4721710f19b2cdc09a111a7f9464e3cb7d1c37e0286abdbf3eac26c1e3de5b803f196385fbd3344

Download Submit
C:\Users\Admin\Downloads\885ebfa0-8512-40fe-b0ad-ff1c43b2a900.tmp
Filesize
93.1MB

MD5
4d1b0ada9aeb049dfd872012f1c78717

SHA1
e4f03d677c1c1fd3b860c183745bebcef1483044

SHA256
33775f9cd2ed11a02039cae1060c6c7b32b8dedbdf395ddb9647c2620612d3b0

SHA512
d2a2a88970b69b782795a25180e4f894e6cfb19e03e357ba0b192288aabfde41ac59f5061999c72122a4c9fbb99009b71d668428596616a87cdd286b4578032c

Download Submit
C:\Windows\Logs\DISM\dism.log
Filesize
17KB

MD5
1069a5d3375499fb534f68f8ee276e08

SHA1
3dce1e482ffff66a4c08093ff252a601b5f75c9d

SHA256
5e004ca2237e450a3fd4a4f70a79e2d68ae9bafbf26c872bac7eea9e44d18fd6

SHA512
810511fc3928ac2bcfd7de58ac017dca46f57d363332dc76616f7871fbf551d8386bca1656a4185d41ae91ba74c9404020ea6269c3fb3c1344bc788f8ad12428

Download Submit
C:\Windows\Logs\DISM\dism.log
Filesize
23KB

MD5
e161c90db9de490c1eff626d07eedebf

SHA1
b14ca8cabf5adc85c62909e785fbfee49db1ada0

SHA256
996e20d308112e91eb23d0a013771e88a6e79a7ad0d1aed880547169fd5aef76

SHA512
189e7d15686fbf1e60dbf6361bf7d27a7f767363c3a0ad062367a9ad48577982bedca8f4d8974941e4b3b65ff88552e2f322f93fb5de92a947a4bc540a5114af

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\7z1602\7za.dll
Filesize
251KB

MD5
a3a7171df4197d614bba55f6d0b6b299

SHA1
4804be364e103d790f43e87189fb6dc4ce7cb2d1

SHA256
143bd146195f5820ba80ced47611232eced566cd57faf92a1572bed64fa3d38e

SHA512
6612effb22c25983ab00caeb12e757397b34f20c2f7a7b2d56ef90348c411ba44cba475b53338049067e18ac232eadae21001f6d8939214754dd32511a0fe855

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\7z1602\7za.exe
Filesize
647KB

MD5
0792a18e287f2658d7f08dbf1a3b46bc

SHA1
53993dd15166bc923a266387a9fe77030f53d9e4

SHA256
c0887d90bb804edb3eab48a8e87e9cff2e6ba00e6800769878d74bda21a2e754

SHA512
c82070f1d725d21a391bc6d6e25626aae1cfd63ab04e41197c220dd6fd160a5540f6af2bfd053c35628f6fab25f5c23373fc528303adb773f12f386fb1dd39c7

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\7z1602\7zxa.dll
Filesize
148KB

MD5
6ef2270f72e28f05f3e40df51dddaf34

SHA1
c0813f3063886b1d4fb0eb640a2c7eaa49fc3301

SHA256
b7fe472c2c38e3a2761ae55aa49d92e36ea775c952a97d8ddcb3481d2f3fb83c

SHA512
b70fd05e7029933a96c3e228ca43ebe61a8a2b795205a06fc1de7e9b1aed491fe8ce311371653b08ff9edb3dabb0a11b4db305b1d28eaf7c8568d2867fd1d156

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\7z1602\Far\7-ZipEng.hlf
Filesize
2KB

MD5
e6afb1ff561e400b678d569783691785

SHA1
eb2e563aced611061bf8a8eb06787df98a069998

SHA256
a3343040838101f95fc0df8828f01b8651f29f3e0fe692589f01fae387749926

SHA512
4bcadbb0f3fe68dbde5cfb677ff0c882c57334a36e81f3f49b10c3897d0f8d4927f069a70456ef203c734bc715a8d7ed57fcb52249ac88ffa6e05b28ff8634a8

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\7z1602\Far\7-ZipEng.lng
Filesize
2KB

MD5
435b72435a89a7dc9368f43ed72199b3

SHA1
f4c4e96c4c2fcf3742ae30419c351992968657db

SHA256
46e788ffdfa4ed917ecef44ae1a47dc1885427d05289745e9bfbd4adeccd6a71

SHA512
ee80154d2c7fa5abeefac8acf5088397ee617f627cf52b1ed8d91a6a4a647d74ac550e2531600019d83e64074a2b1d6cddeb34868ba338b24461d1b29fa3dbec

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\7z1602\Far\7-ZipFar.dll
Filesize
243KB

MD5
8e37d5ecea569c7f6f19599e4fe3e600

SHA1
7e9b686d4e937d425bd578a356ac4b763c6947cb

SHA256
af37a68cb9eef8508c3a27276bde2a5972d0b1390ad604aced00d74376d692ac

SHA512
ec10c41eb2d07d850d98535c49bbda1e55bf12a2e44184f4ece17d1ea0fbd0ed26680788b18803581ff37d734ba8b255d392127e3e8535900e7e835e51436453

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\7z1602\Far\7-ZipFar64.dll
Filesize
404KB

MD5
622ae84a621d979a63a405807f13ecf1

SHA1
4b229c5e6e025e1256845842d6571ba24371a110

SHA256
2fd1d890c2e61963edd157f5ad6943b53a4af0758f1928fc32e7e135b794254b

SHA512
baadd15f8bbf8d733b36ab95691bda0b4b7573ecfcf6e34984553ff513b9fa42b4c3e3d0edc93f4571ae6340d70cccb2584d9c5c5e00d52b21c2798c2d7664b2

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\7z1602\Far\7-ZipRus.hlf
Filesize
2KB

MD5
569652a3dd367d005bc5fafaa4a62b10

SHA1
0861ae8b37532f472f323847ce25483019361678

SHA256
5948a065297a96e431922390fac9b01ea43ca6d3d92967214d270ab15c99800b

SHA512
ce59133437f687b68c773832e1c70055220dfea76ba75163b5790a4ef470402c44cb120e57bbf58810bacae62c2b0f3cd31d87854a9656368cde92e38532f391

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\7z1602\Far\7-ZipRus.lng
Filesize
2KB

MD5
a35bc971d1cb19276893270ac1593f4c

SHA1
9a6f96abd7b12ebbc9f24ac42ca4ef753fd52388

SHA256
18a247e9c486ae03b0a842b328e8b2adbd5c4c758e28c2b409e29c5a9bf1a9a9

SHA512
8cdcabad3267d6614d6eea77a5901f44cf601eb865f6958f6dc56110ccbe6a35258ff9692a6316b7d4471a716a4365251c0b9c1cd3d93879c5d14c2a00b4bd0e

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\7z1602\Far\7zToFar.ini
Filesize
2KB

MD5
907127a8b6c38ecb502b5186f1529cc8

SHA1
be61fff438d3c7e0c324b469bce2f7d9a54e0167

SHA256
8e869813a812943a220c2dbccc306edc46528127b32fa1a704a01c21284c6076

SHA512
c6fef172a7b55f52f9c2017564a0ba5991b064ce4ee48e94636758c5bc52ea1d876842a7874fa2fa45c339dd6c54e469078d7e944402a98384bb8065146f549f

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\7z1602\Far\far7z.reg
Filesize
2KB

MD5
d0918852a0c0ceec63d01e17cdd72c54

SHA1
9977f7b56c71637e0d16cf546e41ba17e8500ab7

SHA256
3907d7dbd11309add2a52ed781d630869023f97972477aa2f9228a1d1ec1765d

SHA512
811ea2bdac6e12cc731fd4fd055c1327352d400a2b8b63d5315ea7f76eddd3db8e2b26599751da29128c5357c46892d68f0e16173d0912d90ca607b5c2aeced6

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\7z1602\Far\far7z.txt
Filesize
2KB

MD5
e1fa666bc582130d4700a3fa7ea77a2b

SHA1
e25b35af508ae4d0d8da856f7f52f06cbe21a6ff

SHA256
6f464cf2417fe86d88634a3be72060b26b4ce695b9bf60e46b1d8fce8835b2e5

SHA512
d9081ee4dda676b624e804389ac6e53e1cd62d1329c9dea77194c06fe1b135f2d2180b20a9047b753a5fd2a420b3e8eefc4f60825d95d1970b77e283658ce3f0

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\7z1602\x64\7za.dll
Filesize
365KB

MD5
4bcbe7d147885e422491ab803c31431c

SHA1
47d49484b874787616ec646736c63a80125b6d9f

SHA256
ee4b4651a7b2ca9dce94b7c274d9e9f80b272be3cdf756f421a21701c60f7d5c

SHA512
ac77a1a7ad9f816859e08af28c99a4f1a1e7c88dc3452bab5b6d8c9089e97c23ec5d63283e8992b8f3c69cd067fb7ad66cfc0b8532b447bb774707cb56ace422

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\7z1602\x64\7za.exe
Filesize
1.0MB

MD5
c7b22afb68e9d8bc28fabc747c985270

SHA1
6a66c177cda1a77cb97b1e011dac5029bdbdc13b

SHA256
b594169f92c5223f5b9b986558b27b908b5ea6c2cd5af7af637e02693330442a

SHA512
a8ca73c837e1ba7c0384e3e6bf73f127d76e527163d27efb66290d50c53af5267b7e8e04c60b78508533161c7a2d4b90b316afc497f9c95f536f0b5b1d6c1971

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\7z1602\x64\7zxa.dll
Filesize
198KB

MD5
b217928e1b800f08cc3391c96c13fd68

SHA1
eafd967e4398846cc26b00e33c8a3ea8008a0563

SHA256
2c3a4ffa355e9459b6affb60f96d827f89a895d3f27a62d112b4e621674166d3

SHA512
ae646a7fa11d37c21d0bc4494ce3ce183c1eabbd3570d6717bc3fe4f7c1626808455a6275b7d1a58a4c2c5041d068a8fe3102347503bc503bbfe8701c2edcc46

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMAuth.dll
Filesize
19KB

MD5
419874bf64461f173a2dcde30a9d068a

SHA1
0cedd525d703e5cd680570d79476ae5600cae796

SHA256
fc8b92180b01e3c0579a8ade48fe5c98aed818de0f93de16565905fe90b3d092

SHA512
b5389d13e36424b6d205334bff0c82de657463258aa8cced5cb5b6dcbac6b16c81339c8254fbed77d1f49896c8ae76ed05a05b6afe224abc34dd99cf744ce882

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMAuthSimple.dll
Filesize
28KB

MD5
271baf8cbf8282a9310a5026c2f42d03

SHA1
cafccdd75c95d06c9d4849b7009351a9459ec7a7

SHA256
4e61790ff8ea8279a003c0427d86248dc74643ceef14dd0bc6543ed008b960aa

SHA512
9a9469920d86b75f1a95817e8c3bab4bd4d17d3240b5837d7777859a947c5a0e4a3987f1b0c91c4366ca970acdbe81288b9e2cc170202a972b8394d6c7667bd7

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMBalloonCtrl.exe
Filesize
144KB

MD5
8a7994be6ea941296b492252de59cc74

SHA1
c5f3ef41482961a89f5649fa3a229fd334f2d268

SHA256
865e6e5f38e3bcefd5d06c4591208f2d555af5294829a4cfff55299ca230dcbd

SHA512
9d20c3dc2582ed252dac46e323c31e019fa8d1e7b8c777596b0e512b57edf5c755112adad2d0e0db0ba8e733a07bc6b895ee024293b1045bb359fc0b0c70ddaf

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMC.dll
Filesize
2.9MB

MD5
3aec0d63173a168c3867dc4b7702fc63

SHA1
0393c5621e5f6f4e7e148d2dc97f7edd6dc78e5f

SHA256
5736d65e53f1663c72eae70f9446e2aad37493dd59007a105733afe34238f202

SHA512
9e7cdd8d07e60962ebf3138225cc7be9fdfaaa333928bd3faf64ec2804ec730dc4935a2ceb9a213ba2055b5e177987727444f733420e9a629e3478fe65f9d769

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMCAPI.dll
Filesize
32KB

MD5
b94fedd54cfe88c84112cc31805faa68

SHA1
d8467b384573ae86861ef8f6ea905fbd838ae2fd

SHA256
cbfca3fe8d0cee14707ead3bb781cfcdb71af1378054d09cbe5bf6f3c9259cf4

SHA512
9a08e44af9f8ff000253cb3c8e801286203a99610b76b76d254d9b7ea1868aff653d9f73475fad93d83e5a5096624a2e044505ba7ea779244cd4b00a7c367eb5

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMDD.dll
Filesize
1.7MB

MD5
7d2a12509733e35ad5852e97d34e2f98

SHA1
a0a3f1302d0b3b547b6f41b6f9f3b107a208c80e

SHA256
9697fefe8185831374cd8bcc7d0c41ec5cfe40d0ba8a48929cbf8d0fac1e6721

SHA512
6bc07d62d8a03b29f9eeb5113fb30a42d176f215cfc111303a904a9fb4ec2c61d2ca61db4cb2cab80c54736a857b2113b217cfcdc1c5dab740c2a098f135a5e2

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMDD2.dll
Filesize
8.4MB

MD5
6fefd079dd81cb94834423426653e19b

SHA1
3d34874275480f30f8332c3d02ced07dfc78fede

SHA256
d8c3ca57a835272f29ada189c2c6425d513305d53042ccabed149dbccf828cf6

SHA512
3f6fff313816cb89f603012faaf93b7b6d080af70d8f82d1155530958bb16297a84ef23dc0f056d357ec28044a4866e09153e6335a5a3fe6acae3e619e328b22

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMDDR0.r0
Filesize
200KB

MD5
106dae22290adf78a229d6d3ced17d92

SHA1
816485b26e9624174fa4cecebdcbd0a46d38f8e6

SHA256
d6d4b05170c02ce95c536ae1a2cdd7d3b7a5b54aa14a2a4c4aeed599f92dbb32

SHA512
a2c870bbb13a1bc9c133e3613d84d108d8a5b940bf416f7c82398125f5661102e8a9f41c9e3aa7b4ac11d7bb9beca2d3c101139b962bb5d77a502f2bc9f16957

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMDDU.dll
Filesize
451KB

MD5
8498781afeeae6dbe42441472a43f9e1

SHA1
a45d908054e6777915c97c2a64a00fc384e302d6

SHA256
6d88fddd662a54924a979cdf1c3f072cbc3e2b12e3cf0a233009a78715435bf7

SHA512
78bf1e68eb7109d71cd28776b59d2b3f38024615942298d411b98486ed60bd01be2dfa9dab4734d54c4559f6affb348c1ec6fa82fa446b376e92241575b21597

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMDTrace.exe
Filesize
20KB

MD5
fbc3c4166043d110d30d388edf4b798d

SHA1
a330be676147deea2c8f96131ccf881880064b6d

SHA256
791c8d5f7c1e2db1d380ac284b784714e29037a245033058d15b285ab87504bd

SHA512
21f04df9d9ac65faac9d8f3a523ca20ecc4e5bb89e27e7db66501654e1b8d5e66119db0080077959ae41287541ef3764177c902e071a6a21325fd87d207e881d

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMDragAndDropSvc.dll
Filesize
45KB

MD5
371caf53098440e460fbd066ed7f7151

SHA1
4378dbb065a7a396d21746207e25f58863ca246d

SHA256
1e734e64d47242eb7ba4a6d128527cf5c7b4d32ad8640b5801921d579b626911

SHA512
01cb377c8d43647da58d089ae027d2f483606afd6686c4bd59e50a1b98bcd422ea833a3bc2cfdebc8f247c10ac3e4692f9ee887dc1fa2ea6de1596bc6077521e

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMDrv.cat
Filesize
11KB

MD5
4d215ca4b7e3cccedc021955f3d8e0dc

SHA1
34281419e17cec26a26a39d74408d80c3a7dce6e

SHA256
67635e38e615cc70f6f6754ecc2d7485914a73b80685e057590eb4f72c1b5441

SHA512
13cdc1f631fad080f4539a65a59d050c7e42fad545f3c190bee5a2ea1b3526df0790f3c8f423b73ca5ab3e71ccb40c603174ce31aee77d24702c77dee8ca1865

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMDrv.inf
Filesize
2KB

MD5
423a9e754c1d0067686b7dc1aeffa6b4

SHA1
a57450653e5d9c3126cebe754a1b7e4204044d06

SHA256
586128bd5dc9f67aa56f6b91d133e295c2a2cf3d3eab52672db8bba7cadf3ac2

SHA512
b31f468dfb55de5894962610b09218f49ad4be1148ea8aca9e5e3b5ca4592f0a0ce25d92464e9059e8b52354d3c7befed3db3e57428937b898a8eb492485b580

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMDrv.sys
Filesize
358KB

MD5
14e93c14b6d5d5d9db26275dfc987015

SHA1
0585447d1400fcd57b86280453915799de24c7c3

SHA256
cfb29a2e7e938f7f2ec0443d5cf25261468e54c616eb74272c43924bb32e806e

SHA512
41da4d14075c3b47c4228cf1ad964b7a943b59c8e851bd2c264d88e37a7a3f525c9ad15683e5b0f512854eb1088c1d398fef8217a7c420d239c5de12c940639e

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMGuestControlSvc.dll
Filesize
43KB

MD5
d0fe3592f2ca04d63045927a4befc420

SHA1
c831f6dbd84e13170a13a0c8506eca32f1bfd70a

SHA256
42812bbac82102947c8f09911ed612408b0d8d851339da493de021f15c488c58

SHA512
902b34937406d287b4453b78cdd4a2d4f92ff8cf526c03a58e7928d5e26afc5f1907f1d021168aa2f476db941b03dc18de36773d0939da910e922c8423c4e13f

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMGuestPropSvc.dll
Filesize
43KB

MD5
1a8e7698d6a8fe8bb8fbdc1bc03e5026

SHA1
43c16440a05bdba0bbeaa3dcf9c9e31563c75ef1

SHA256
c02694a3fe45084e7ef3749795b5fc3ed6f8515397ae78fc1a2ca5355457fce2

SHA512
7b46b522880dd5a60a7e41ecfbaf0a36c7e91ca8699147e151ab2d0b0c663f7598266e6bf8a6c35276ad61d2314419f214d13afc496f3b20cb21e0338306f547

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMHeadless.exe
Filesize
215KB

MD5
c1ed3cbf64043c49052768c658f081eb

SHA1
c809a1b955aaa13059f7a3c7a9ea70870c9cc217

SHA256
adc96ee91e917a7f5718a6a918327b3d081e289d097940c18da79d94036dbded

SHA512
947ed6e70046d99063788c56ab9b71ae6e144ba1929ec1910d02393acb132c5c4cd11304b4dfaace131f832770a06260d02c47b4aaba11e4666af30bf4ebfae3

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMHostChannel.dll
Filesize
27KB

MD5
a847a9e20ed786d5b5838adbd8d6cae8

SHA1
beff339b2df315764c14c1794b217dee62d669a3

SHA256
d7f250cd9f5066b37d48562d92a8315fb5e0b6512d205cedc1297772af0c86b4

SHA512
1446db9d00bd26f733b5fc0992343b4bcab8b7122bd3d36d1ea75835ea05eeee7c916c8a408150be8f52a60fdc33f882471dc408f05d3e2f43ca14234c047be8

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMInstallHelper.dll
Filesize
187KB

MD5
f4bbc0ff246a38ec930a455f995bd6f0

SHA1
4f44a3b8002245a8648784fc28a6ec54a0c20679

SHA256
1256e679cf2883bb44b4d4f6bfcc44cb332f3a802c396e787e2fbebe67a39dc1

SHA512
2bddea41502aaf6731e3e3c599190001fbb23604b952bd26dd67b9be7d5a3b17bbe85d1fdda42d78b103394f27c13710f7d49e3272606b2cda267fd31014635c

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMManage.exe
Filesize
1.3MB

MD5
a9e4af672f217ef535e9592f5dc971eb

SHA1
27670fb386427d240f91c8503b4f970cc1e6d078

SHA256
7d5b9212da761a3edc07a2ba5f1547f0662be06ae997465e8d5ccae28714e744

SHA512
2b48c4c52ff47d2373b5f3cfd5056595c3b7c7516e66eb3a8c40a5f5b20446fde9dd0440ea814c2817135b1e45a47d08e62539841803f2d1f7e9fbc52961fcd2

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMNetAdp.cat
Filesize
11KB

MD5
4c8e27b491df706887eedcf71be13759

SHA1
e5e11388cd871f54c8c5602deab7ef8392843064

SHA256
8d106e9f8e78d6890161ab12be359ca0e357ce6ad46d9bdc5d80af3448eb94f7

SHA512
e4ed33bd3adc12e62718d93e5d8c8c4fcb61079ff64d50df77014b6730ea2aac15fbca2abb664e19b84bc9d6bde5025a8f71274b7dd7f3e2e66ef07dd5ecc76f

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMNetAdp.inf
Filesize
3KB

MD5
92a337482c3995c561139ea8bd7c405b

SHA1
a164ab90cd6e1abedba0c54a96a450d94be4c93b

SHA256
898574b40ca3ab0ce278899e4e585d653eb5dc3a2ac7da57c904a0bf4b0cc014

SHA512
d46f8d7abdf445697303567845390b52a31f3c0e45e8aa357802e667bd4a0816555b3d841f19672adf69c2c31e3dd62e7e6d788d50d95172ac81f5781403a102

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMNetAdp6.cat
Filesize
11KB

MD5
5b06844dd324d3429d14220f8e03b100

SHA1
d3c29644571053595da3eb84543fb2965fde125a

SHA256
821841dbd1549bf444e8f5082da3feb75fee3f4feabf117b131058d252e5f68d

SHA512
a73a271ad633da89ffd112a9db387e9705edf30e03b18123abbc82671ea471c072be8a9ba81d1e4a7fd853138f64e265f1f01264a25b24a7118d7758b11d8db8

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMNetAdp6.inf
Filesize
3KB

MD5
a8cf4a14790dcc315d764fa481adb5ea

SHA1
98d562c329fdbbcae881a4ea7148e6b15544d753

SHA256
94bff036fd5caac9be2ce2b60695f5b881e06211d8fa3ac771a82974c6cbef79

SHA512
05e08c8293f9faff2cb65aa0b5172324ae0adc1c73469fef4c42ad252ca4ce068f564bdfffaf134f1f72f6671ed4acf27d44d0dae17f354ef1c9e6c7373e37b6

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMNetAdp6.sys
Filesize
226KB

MD5
4310bfff02dedf0d13d0b763300bdce2

SHA1
50aa2fbd794eba7a6018141eee510c139408d83f

SHA256
5150461b359ab6bd3be49edd77cd8ff429fb02d4e704155d794989f9b485aae9

SHA512
b181b835006ead6ddffe577a1089cef3b3f56475644433285d7274c6fd9e2bb4d2dd9e3bbced63a4e7778213aebeba5499ecb4aaf4dfc1751d895b862f4fa2f4

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMNetFlt.cat
Filesize
12KB

MD5
91bab7bfdb03f17ef945f26ba626fd47

SHA1
79d5b9f174562756ce4649148bf9ee4bd2829dad

SHA256
5fab6bfc10c7feb4ab015373ad1368a7b5e2391c3b971341481a995f72fc07cb

SHA512
e53cecbb9670ea918e1946419c40ef2fa3ebea1e067e66fc244a701721bdad108a102d6d7978d9741afc144d4a4540e1142f865ac9932709fe49b3e31419701d

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMNetFlt.inf
Filesize
3KB

MD5
e61b659c79361ee58dc58998e4cb6373

SHA1
d6e00c2002b23b7c4414319ebc435bbd404d3397

SHA256
1a15705f3aa1cbbf47c1b7fac1ea8a3e00e17958e6ad6b674be2bd7389a0dfbe

SHA512
6d7eec93f8dd10184707c2d0c343eca5caf9f0467bd7efc2b1e1bacd2b36389ebe062e3b8f6d5bea479f7fd0b1f27458923c6866cf6e322dd928473b1c72f669

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMNetFlt.sys
Filesize
205KB

MD5
0ac3c5231442f711d34748bc5d3144e3

SHA1
afcb04e915cbae553d82ae58d54c2531d144e395

SHA256
2457a0c4a3176277e7db80e406f1ddd46c669e01f3f741c6cf3403da31e2ad07

SHA512
7f94a88ceabd9ace0cd65cd49297b482f040ad31b5bbd34955b25f6aafce315cb6fac28fa0a1d61614d3eeae7cdf3bd63e4191d59f2d17267870294ad8a861fa

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMNetFltM.inf
Filesize
2KB

MD5
e87981c99ff763113ca116a3ad696027

SHA1
f8ad4145189c6afc08fbf5429a6da96aa1d34840

SHA256
4364c725e14a761776b123c92cc492c0404393cfa7960ffa173a54961774cdce

SHA512
4566c22c9c759cc5acd69846fc910760b68faf5aa4573d3f01c328d2bcd24d3cf735215682737752c22e3ebe11e6ff5e49ef8504fc72b1523bf995ac223cd8f5

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMNetFltNobj.dll
Filesize
1.1MB

MD5
a3ef245f632306e11a5b64a2b97c9829

SHA1
d7dc4179114dfe5250c90267b67d82f2beaa9bf4

SHA256
a8de4f22825c5e406efbe4fdfdf63dcc967337848aa5d6a952abacac52bfaf4e

SHA512
2ebfa77be8475c8f0e60f5bdfa05e74c321e95537bd2e41ae4cafa2d5098bce8d68a3873897d8e26c8ff7758dc8fa11b87cbf2366a92ffad7d918d863af45a40

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMNetLwf.cat
Filesize
11KB

MD5
e1712d82f582f98c3a0e78e0d4651c2c

SHA1
6dd1fdf141151ec19916cbb52b6489589bc8d584

SHA256
7ef2dd59e21ca4845a9e09fb64b827cbf6e438e13091fc48ec649ae5fa69fb52

SHA512
0c780fc05b95dea9d1f542e842481f3d18d153a87121ad4cf026d001c8520251641005df7b93c8f17a512cee28cca95afa9ca0ebfa66808e11e19c2ea18c04c5

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMNetLwf.inf
Filesize
3KB

MD5
eeb987061c0c9fe0d0dc49532bc1d3d5

SHA1
ce2a9f432e29a78ddfdd20806cb5724d9e056c58

SHA256
bf673efdb64b7e81069eca5b0c50dfb7e6dbb3bb3295f5d034089cd16b528fef

SHA512
8703585843a33021f4bec2bf674702ca7f48a2fb6f8961539e256212c628660ac75edbf2fe9dae37f3d9267d1ab9451ba0e756307d6133f0875fa4f3898c0803

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMNetLwf.sys
Filesize
236KB

MD5
6c000ac4c46fd78b6599f8e45cc0ce7f

SHA1
c1d7e2809834e62326af0a46cf78f14eaac9dd2e

SHA256
05adb854983e9da8821eff5e50cca5a59ad0fa501966c269bd6e937f29d971da

SHA512
9d590138e97f72307fcf431a273f5af80409c9f2eb848b86b889cd1bab4f6a154719588b85093f244ca912d256584b65d7440dec900aab1160f5cd478435eb68

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMProxyStub.dll
Filesize
937KB

MD5
7e75f6671b3cdfabf1e74dc6e0521bdf

SHA1
da28f119b7707053abd8fe157edd9d7345ce4c63

SHA256
08ccef96995cb4c22ce30c865515198366cb466bb2ef98fe6b36aab39c331170

SHA512
ff7f2121e381b710c276185e952957f922767e7e225e5a934997bee2c2dc3eab8ab4f8f275c090e9ab7f259879d64bc26b2fa5560d3ccbdf948d8de8e340d6f9

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMProxyStubLegacy.dll
Filesize
634KB

MD5
a24d7cffa168b8f4a742f80f4f4ddfa0

SHA1
885f8f3160e9b6d5b9cc959a1be91ad78c9f6adb

SHA256
8147c429192980729beab4393b5486520cebc2dcb6b95274d55a196e95d12dc9

SHA512
74350a8937c1c46295bfd7b5ef96902a65de3e2d3bfcd482ffc9ba57a2c82998eb1044df81430038278b753c4b2c47b9ba839031da94a4490769d83741877972

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMRT.dll
Filesize
6.5MB

MD5
63e8381bf53c0416252d1a014a0d928b

SHA1
c4db51db0436b544226398800d71273d03c9680a

SHA256
c0ab581ffc2859b29588b70b841d2a008674ed673a0e1717a855b41738269f60

SHA512
813852361f6d4841b9c9fe7df4bf03d57e227fcd73cdf3c1e9ecf72df3e3a2632e0f8f7fda1241836aaa91f72ea03c90cff1a95dffe944b6fc868e685e0a9c2c

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMRes.dll
Filesize
694KB

MD5
02efb4ef8c50a1d60c657dd19e870abc

SHA1
547069afe3dd59d709cefd8ddecc5bfd32798d7e

SHA256
5831c6fabdb5ff49e965c25184228c08c4c51ba3d5b6b7174ac051b752828687

SHA512
26d35adeed6e81aadfd2e14d81feaf3100939ebeb8ac8983cfadeca1a9b3669e320292286fb07cf89808a027a1286c1bcdc5e8c0f23c8a2c301c3fd7d2fb2114

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMSVC.exe
Filesize
5.4MB

MD5
672417b44224f7c1ef624de683755c71

SHA1
d83a5b6d903b7c24ee0a458caeb7c3db80e52fa5

SHA256
66a38209fac0f41ad3d6781169faa77c2e384620221c74fa569af278f427eeae

SHA512
9b5cd5fa4fac913a3c333106b7fc375b2fb1041c3ebd78961ee92c164d415fb5e6479ee33e559a7c869a49d1ad75d4e32ae956d7e127c31d06eeaf56cd1d5d2a

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMSVGA3D.dll
Filesize
216KB

MD5
3165c64b85d9d21a6ff2db42ff09f3ce

SHA1
16e35150c56d9bb9338563662e0185ae76930c18

SHA256
aaaf64798fbbe4cc7362cd3cb4d1aaa55400ae60f406799800415fb36c8367d2

SHA512
1b29c47798f29062cab911a108e289a492d61dbcd019fbd42b7825ccf7720809d0b4f60e29a3bf60595e9b808154a6f61e4b7010174f770b7e208da86799146f

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMSharedClipboard.dll
Filesize
57KB

MD5
e9f78eeed4800371f7661e0cfd10a1d1

SHA1
23fb352f858cfc5ddec37565285c1dc4f35aad32

SHA256
5ab420b5b984105a5ada4bf8a5578dce6c3922bfcdfd1d5f15328ca31296e3e8

SHA512
4ad7c3713a42341a881cb7037266af6b86072b886f4808e8745715c86317374b3f271cb8f36bc532af2646b7a6b0c9f25b11766c4b585e5a8a95b1f3b9add698

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMSharedFolders.dll
Filesize
67KB

MD5
d617ae87e5ec1821e9cce9c55595e4f9

SHA1
f39cd6f1528ba80a08b6136a0423804b78ac3050

SHA256
60728396bfa0e5843855d4cc265411ca5ca3359cba2a76eae57afcb7b5967ed1

SHA512
5c950841bf205e520261253171d38ec97b2c9cef0bba73d58e6b905f1062d0efb5097fae963d6b5b7372cab865c7cdbdf89d6f5b354c50d4716c503ff8b2bc14

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMSupLib.dll
Filesize
16KB

MD5
b1d93f06d3ff479cdbba4e1c9a64f0e4

SHA1
9fd00492ed595e62e78e80b569e1c39cab9de1d3

SHA256
da0b8f8bc0c91b26477ae12d922a1bd9a16d2e40df36407c50f525e2ceaccb41

SHA512
f5471fd9051c055bc936154475f53c5caf538136f48ad593fa23159b1df31c74956afddd6064d56610789b672d12b2eeb8cd11abb91fd02fb74f8504cc90251e

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMVMM.dll
Filesize
3.5MB

MD5
0d7e37cfc49b2a947b37ed18967fddc1

SHA1
134a6b26de675f999a8fdd0f2ee757c8338b5358

SHA256
55eee5d11d82a19e7f7cef79223cc5800535d45592b598954d4466f5c1367138

SHA512
0025a9bc8225c2079faac635d29e7d3e5dbf8d45724765a9055f7c74a97b791e51cf5f3290d118b6667473ae02903a2f3830d14caf69e670741e68ddf9cb53de

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMVMMR0.inf
Filesize
1KB

MD5
9ef94bd0428340d94cec3ed921cc2eb4

SHA1
dd94165626d95ab1d351298843f77e9ca0ce0801

SHA256
023cf519b63b84224cb092be487568cac6a75e5da2acb394873dcd48d8747954

SHA512
161b31d7870f06b6fd6648f3106e9582825ab81d2279794ea08eef4ec947740b7c4b8a7b4f21e74dff0e2a654cdfcc9f1f1b5727a8c1abb952e31de3b796bc0e

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMVMMR0.r0
Filesize
1.5MB

MD5
3fba4bc28fcf269cae647d13a3b4cbe3

SHA1
47eb1f7dfbbee99200ac47bc9d5cce17fdd78e62

SHA256
d33aa386475bd529f8c3c9edf9449e9b51b71d8a84515390e405bb246bd57807

SHA512
5ac2042ae175938754ec9918014ea546bd70cea8ee2b9670360b9e4043982bfb103d3fcc6d5c811076fa52205532d5b00e3e6e8923144e4bfb37bb852e8bd041

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\NetAdp6Install.exe
Filesize
109KB

MD5
23fcfa8100447716302f10678ec252e6

SHA1
910024cb56024a6c79465f82f55080e906210228

SHA256
e50bef29a5761e459f7a121aca4bd0c953005f501de7cddc35d681434bd2a13e

SHA512
8fe1a51c56fb349bad342c3cb353912b83327f5c51ca4545a1263b4b2af2228f127334837f095ed703cf0e46b5c72fef37ba35a9f2b862c0fd12defee8f36604

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\NetAdp6Uninstall.exe
Filesize
97KB

MD5
2cf6860fbdd36126ae62cd6b9a68e082

SHA1
0d6de2281c2f83ea206d6a6259e46f980033b3cc

SHA256
0d2e390ba3aa9f706ae4d5cd5ddab06adc8da485df30098c4fbe5b9b03abce19

SHA512
f48dd46a257cf219a0d79ec49d5622763e7db714c87b0f3c659b8e0528b1bda7cb4192f763fa6edead72fee3cd8488c004f8dad33d0048d7873b7756ab0b046c

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\NetAdpInstall.exe
Filesize
109KB

MD5
0c7331875db82690b86948c1fb8eac1d

SHA1
fb2e8cd541c721ef656013b2ae122f440902043e

SHA256
2eb76a57e7546b60b800c38cc340e84210317e16fb2c7329d09bc23deef90885

SHA512
0b27c225c9139351c5dcaeac07e7ae0982bfe340ac6f7efe455807ee242107a7ecd3f2c86a9fe9426ab41913721b3c227d2a226c99ea48792fc887444e733bc2

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\NetAdpUninstall.exe
Filesize
97KB

MD5
281bd3e5c84d35301ec837b59c503e5e

SHA1
4fd001158a33b77f15001549db38e4398de9336e

SHA256
10f55e5725a7044e9120403db8284eac76c05f485a6cbb5dbde10d2a616b88de

SHA512
47d02e1ef91d4bbd1d67ce1ee68d61efb29364b9b9066963cfecc423652e7fbdf06e475572f0f46f367e0c23ae0d01fe2dcaf907e84a822822842d3440846ca5

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\NetFltInstall.exe
Filesize
101KB

MD5
da3e3159116e69f1f542892bd1e2ac3e

SHA1
e48bbf9de386f2d067a29edec9332ef000e683e8

SHA256
7a035ad151ef512f54cb4bf8c9bc8fb28e4ba09dc6035887a118aacf4fa50e6f

SHA512
4c514ca647283c1d2ffb5b28ef30c0cb701655a8edd3b9b5866aa7fd2a4e0e30012010794b451cfa8d2a00d7c1e0119cc627df93ec557fb0020d43ed0e4f1614

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\NetFltUninstall.exe
Filesize
96KB

MD5
d7f6a5f24ca0d92d26075a002875832a

SHA1
64a27dbbfe27f4867ff8c0fa2f0aa5a3f1968b2b

SHA256
d4f5d26bafa4c3e3c466fc9395be81eff8670cf00a01bacd3f5bd8c22eb460c6

SHA512
f0566e17920021feb18758302be8c3dcd3a02dd2f5f6402888b84daf6f86a668f8d692c8b448ddc275f92961a1abba7383591e2f77ef713447e498b9d7eed0ac

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\NetLwfInstall.exe
Filesize
102KB

MD5
0642ecf0ed6dca6938ebed269a3094c4

SHA1
ccd17c3e6e0eda4a701c5a8f25df50c948fc16e0

SHA256
d37b9ee12110b1fe757990b8f9fc7e4fe9350c4d26e52671de6c55203f629fff

SHA512
6e975d77e8766e686861cc6fc9fab195ecb172d4d4ded1ae02b962a285a8a5e9ed4abf46b04777582b2f6224f362db2c035329c78a9579c4f36fd8593afa0a6f

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\NetLwfUninstall.exe
Filesize
96KB

MD5
c1daa5ef4cbcdf5d4433a3b0e9825c6c

SHA1
2c5abc45abc8a58ab66528d666c2be2e7d22f294

SHA256
ec2c0a9e11a9072985132004c9962bc528269d7a92bd11d105b529e1d6e03e8b

SHA512
ffc650aeb4c57e0e32020cfacc1845813d147cdc5c5fb76fc66fd7f7debffada389ea949f31e70a64d94c4d4d97d9ca2abf45345470bc6c9611a41d746e7f3b3

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\SUPInstall.exe
Filesize
17KB

MD5
e33988294e3bf2912a26b9f9192e7580

SHA1
66ffa50a155fc6cedc1774b8720ee603045a38a3

SHA256
f6786abfcafc774f6c70dc85ff702c7779cc08c5e7bcc088bebf71b4ef46d58f

SHA512
f3554a30480a2dc8981e86cb6bc32d64311a879d2e9cb922144e7c9dd471138673cfd1348d1d3295b48238cc5931c785cc02b6a4bab1e13b6e15719375e522de

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\SUPUninstall.exe
Filesize
17KB

MD5
5406b2c9bf3b15691375fb30d1c333cf

SHA1
c4968cd87617fb577c6f136be47b53e9dfd7d324

SHA256
c7eccba4a31e43d4b20a360c7858ed7eb12a6252202487b141422b25eb268fde

SHA512
a37cc0750b2a1094b16fbf118a6dcc8745f6b0390c8286540868a77e98eeb17181f67a57c96767e89520d118381d50429f05b082bf509a9b763c7d16de0b5a66

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\VBoxEFI32.fd
Filesize
4.0MB

MD5
26b623e43df7cae3bd321164407c3e35

SHA1
64ec6d9498e488d85a9161dda25ddcad7fe61e9d

SHA256
0ebd5e6f19f87499719bfdd5827444667eba1a43b35a584052886bca72ef99dc

SHA512
c8e586c0bb46ba3fad49e57da85d0228f716094e31e216b82d3ef94a438f3254227466c0beb2903e51ff5c3a3cbbc9551f0f7097e2b1d2845f34988d76fac16d

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\comregister.cmd
Filesize
7KB

MD5
4c0c8a2aee978f63ff9c9bb91eaa98ef

SHA1
784043ee7acbedfa92ede9c6aface266e6ab0606

SHA256
dcddc8c892e73bdb7e3a05d3d7e5ff8cf193ec1e27497a3c0bf5641dc542ccbc

SHA512
cb22df98ec3e32d315e19bb139e08354c30fd64bb7ae11fd86633c042e9128dea0be1af275a9438f90114d1013d6e662327c3add7ef60797aacfd0e22c83bc62

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\libAccelerator.dll
Filesize
168KB

MD5
8041ed0f7b41a89d6aa0fae432ba9316

SHA1
4c30b8a9647cd06a7c3c6d883e1dd9ccbd7f716d

SHA256
5a5f25c1d17557c9cd8740967f2c8de8b23d1caff2011043cf61e4b59cabb9ee

SHA512
3b3295605cd2d043ea6ebb0e0489f2225d85e2915a1f15e1f8b5424fd7140828f3e342a65c42aa5ca243ba3f10e1e27ecb5e16865484e407fcfce9aa8b96485f

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\load.cmd
Filesize
4KB

MD5
cc59f91feffd99c115c0a903cff28168

SHA1
e83df545f5d390d0b7210f7aac0d4ef37e00f0f2

SHA256
25bd2bd5472fb2097f2e79e66ffc3bb6aa3d2f974bf9b43d08045f09928a2efc

SHA512
46369b7866fd4215620806a7c12938865bf7416447ccd3fc15cfc6f3905bc4ac07a162b015586183e3c35ff17b607ba963f6ade3de81f15401e2d6d3418756d8

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\loadall.cmd
Filesize
5KB

MD5
571b20f2505a377eea3b6a2bcb2a31f9

SHA1
6240b4fb57d2844fc7a5bade5096f096617a86b7

SHA256
13f7090c7200549b7853e929931ccff1ba29e3497286d37866c14232f1048c8d

SHA512
930b966ce36d21014bfce9e117af38718ad0a0ea1b49bc1fedc6136ff71b043107cb07d8a879e3588dd64f45c2181fa7db6261363d80f5bb31144fda673d34d2

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\msvcp100.dll
Filesize
593KB

MD5
4f096d96285e06cd51aef7d2d3de04da

SHA1
c90ef0eb5b1a0b1b85ad6792291747fb6307dcdb

SHA256
5bb420fbe28315f2117376052bb8488ce84a3398dda65005b8ae1f792017e9a8

SHA512
80f558c50a71ad9c4930b3838b481e4fb453c38d57c91f7f70c1f86e4043b9a4fbcec27d7c025285504cbf3bde7c50b4770f18121d7818ac58e2ee9c2071f97c

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\msvcr100.dll
Filesize
809KB

MD5
df3ca8d16bded6a54977b30e66864d33

SHA1
b7b9349b33230c5b80886f5c1f0a42848661c883

SHA256
1d1a1ae540ba132f998d60d3622f0297b6e86ae399332c3b47462d7c0f560a36

SHA512
951b2f67c2f2ef1cfcd4b43bd3ee0e486cdba7d04b4ea7259df0e4b3112e360aefb8dcd058becccacd99aca7f56d4f9bd211075bd16b28c2661d562e50b423f0

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\mumuvmmvmmr0.cat
Filesize
12KB

MD5
d554aec99709b5e977ac72b2e4cf31d8

SHA1
d12dc22ad13349970effd971c77f9d5a165ce2eb

SHA256
6f0ce3c8c3f125d56e6f6c19afc88d38c4679475c720afc1224ab29b8cfb451f

SHA512
4a441d764792e23d8749b2eec563a66d2a4fdb6c61e195fd76095aefde1b1806f7b5699080c0539df4081f0d15c53e8dd5eba76171abb9661b85a7004bb47038

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\tools\my_upload_md5.exe
Filesize
735KB

MD5
ece6882c94aaeab536fc8a168d744e04

SHA1
9ac8a75b32c9f846231994ef43b2bc8e7bad44d9

SHA256
ab96dd5cc65c4bb1b827561496af5712722441cfd9fb3418847e274e7c114798

SHA512
b6b1a8bb1e3877e2280e9ef6164626da2b580e1e9471294898a1bf27e231560fd3540ce8821759a0dcc7b6680eca81500152d666492c1ff7fc9cdc8bd33080ae

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\tools\ucrtbase.dll
Filesize
969KB

MD5
aeea6662f0f7819a077b99441c36178c

SHA1
c3a2ec7fd791235b8b1f2371e94f25a1670f7d00

SHA256
cd48756e96740f84a2aacd6c308997a4a36a953cd77f50cb54c27915a5c5c302

SHA512
b4b3c42e716fffe98f1c65bd2b0f522725ab8b43a7739c0a925b850fc0601e77cdc1e2071813229477d129caa73813ef6eb5c4c806d1c48c90332c429365d639

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\tools\vcruntime140.dll
Filesize
83KB

MD5
0c583614eb8ffb4c8c2d9e9880220f1d

SHA1
0b7fca03a971a0d3b0776698b51f62bca5043e4d

SHA256
6cadb4fef773c23b511acc8b715a084815c6e41dd8c694bc70090a97b3b03fb9

SHA512
79bbf50e38e358e492f24fe0923824d02f4b831336dae9572540af1ae7df162457d08de13e720f180309d537667bc1b108bdd782af84356562cca44d3e9e3b64

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\tools\vcruntime140_1.dll
Filesize
43KB

MD5
3b22b2ec303b0721827dd768c87df6ed

SHA1
86f8af095cf7368ccbff2d0fd6d33586145acd2b

SHA256
3b792da47040c3b3e0804cdc5153eef4e802b6975963029d8dc360cb824a7b62

SHA512
79db774980ee132797f7e7dbc0e055b724d8fbf0e4917523b285f918730adfff81022cc6f5e15469b011d55501fd7b085bc070e9ecdfb75c05f4d6622a7f2475

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\vaddress\0.0.63.0\VAddressDevice.dll
Filesize
67KB

MD5
8c7fa231e13b7b380f8d2b456bfbedb8

SHA1
66e153f427c44c90ef1e59e92723e95a99f75e8b

SHA256
310e5d67c32429145f05e82848fec26176fd1c50d01418a784669c32eb0288c5

SHA512
a62156e2f6db5b5efcaaa17d30233c167bf6b062d6410636d99e56fd0361d936ff3fcb8b80726165dda7bac0f7eb3b178dd604614a380addd1ba7be508e2e4dd

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\vaddress\0.0.69.0\VAddressDevice.dll
Filesize
67KB

MD5
5396238bbc8c218e819f6715b20e6031

SHA1
55ab28093742e28424688799729bc46d60a95a4c

SHA256
33236aa3dcaa4714e0e663799a3fac83593c8afb6e164c1c1c2fa3176a95b15f

SHA512
54df0b2dc50a26c1597932e2362c7c3c92afe83c262a8fea7221c15a3f77caa55897d34c675370eb9b7b955cf2398d26c1bfec4d3e0484b0606b57a4cf0f9c1b

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\vaddress\0.0.86.0\VAddressDevice.dll
Filesize
69KB

MD5
e618cb77d4bb5f61a88fdb91303a2c1e

SHA1
df3f87309db42eb084b46ac963e1c7d69eba8a78

SHA256
55fd58e38c0a9e2f60b5c03750d45ecf0b1b7b873b84a531c224e4bcaa4bd064

SHA512
5acd329ead414008cc670303f404ddfa68abb67dc6f4211d932bd74f7ccbf36e138caaef1ea35b783be5eb11d2efe2c33fb0088aff8036c3fa738db9f5c62020

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\vaddress\0.0.92.0\VAddressDevice.dll
Filesize
80KB

MD5
c452f408b06cf88692c03ba5c534bd76

SHA1
8b3c315e115ba8ffbeecc7878a3034cefe65b5a3

SHA256
bc2f9fa16c1899e8d92a5d3a3f7dfbdbb9a1fc124e252259f2d86f207c2b09d4

SHA512
3ba6e6ffe15a3db3c9a5531a6572de75e428f0608a8b8abbea8e1c3e84bd6a278524b818e9b2351d2cf10094d881696e8051272ad0bd741c893efe31b62f6ae2

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\vaddress\0.0.94.0\VAddressDevice.dll
Filesize
80KB

MD5
d1b49099704f416236c17d028c2a601c

SHA1
b7b04f381dab7838e7d42d5716652debe287ade7

SHA256
1baa6c717e0b402a75872210e878749d021e6b354d21cb94e59012d2f19a9b32

SHA512
c98a3b8e4294240f556603bfb79fc06a92a436629c84284b7beed0999296469e4315ddab04ea0e76cca22a40641272dd53a88d5d0f2570aedd11c0dbb589dae6

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\vbox-img.exe
Filesize
2.7MB

MD5
258a8fdbfd2097c1eaf174544c40b193

SHA1
80c0565244c49b9c2ac69e72e72e2bb23e625fb8

SHA256
730ce3b17a58e26bdccafc9a929738e2f204bdc57281918d62cd9845531391a0

SHA512
c7e98caf9e0b5db6364a20bf6b518172524e4edaaaf3041ed00399cf57ac4474d95c0094596bc8b0447d88cc27c6c4d1995f2dc034535717fd86d755a0bf1f24

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\win7\MuMuVMMDDR0.r0
Filesize
189KB

MD5
f4ed8c30dd14afd80baf61af4f8aef5c

SHA1
e3d6f1480131e932c1473c6b1d4bec6ec6c2aaf1

SHA256
c65929b0e12123e079114fc67e6052e03de5934fb65429d637b6242fb021c5b3

SHA512
922862e372048f29d4eb39c0a2e5fc921e6643e454825f476cfb98780b3d02181b91a9b6f5590d5f4206d7de391aeb6e5e3b72a8a9ca321b77bfc10d9040a3e8

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\win7\MuMuVMMDrv.inf
Filesize
2KB

MD5
2741226667bdcd9e759f536756f56eda

SHA1
cf437c8a63ce26b0e2a573409c976fa1f7c629c1

SHA256
82606488633ca10859a8a80d00be705a08509b35a9c02aef8b3dc70335bdaa93

SHA512
774699f466a423eb24c1d3b5ed45f49e2eac8f931fc7ca825d14a10a19402e3fd95ebdb5c7c2cfee6a4aa6219ffc157c09a222512fb7b3cef888756c1c12c810

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\win7\MuMuVMMDrv.sys
Filesize
364KB

MD5
55879de9dca1782537ae1064b2760007

SHA1
f5ad275c3ed5bd8baa829edfe008b626e49f42b4

SHA256
a9bb3be7ce97d0f4ecb78788ffbff7379ab0f7548715049b59a587ded1e8dfb7

SHA512
d8efac11593638fb2baadc7d173113601d3da3aa30efa0af3d295e8f814642bfe81cee7bbece2426ccccda48ecf1969f9de04fb54b44f185ff2f9f740178eb98

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\win7\MuMuVMMNetAdp6.inf
Filesize
3KB

MD5
127d117df95f3a294b254f65ca929340

SHA1
49f365425911dcfb17ce8f08aa156a66878f0e4b

SHA256
6421fe11bfd94be2a659b4a39483dd71d0c983de9d26caeb22ce92d0d224f39f

SHA512
13e9ee1496af276ae37e8dc236a48109e06b0b044fe05d88415939d3a1db0076a0c95cd7c88e715ac4df01603dd3808a6bf21ccf1ab19895b782b2f91f32f08f

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\win7\MuMuVMMNetAdp6.sys
Filesize
231KB

MD5
565d6d7e77d6fd5be5ef21fa8188a652

SHA1
02bbb60161ac4da75ced5257633b52462baeb908

SHA256
8517e15ed543bc12a940b03ac5da50c63af1173813640bb1569ec62e45073584

SHA512
7f4763249278e8c89559d0b32646ced82107b440a9819cf9ba967a0cc749114f02f45ce393ab89a07bdc89d6febe047304d5d2e85fa8ebf48cacde814e3dd2f1

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\win7\MuMuVMMNetLwf.inf
Filesize
3KB

MD5
d284b3ebd57e803451aee5aa7d07d496

SHA1
4cf6e3f2984fadbd2fe71c6a0d403b2e5c2cc759

SHA256
f2eb223b9f3eb6383bbbfea0b195f3672e8492041d8bfe89505f2f3cc7d462bc

SHA512
c11de75732b67fa2bbb695e60c0c7f75a52cabad86c58d72a05b4f6fca56bb886bf9451f6ef5abcb91c3e65f195176c45eff15846ccc60e7f782fe725685b5ee

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\win7\MuMuVMMNetLwf.sys
Filesize
241KB

MD5
a8071a473dcf9147820fa684fe725ac9

SHA1
33bffd62c5555692d3d314ba211b40414f5f580a

SHA256
f377895a45410c5585c27ffb7a44b68b1002985f0c03f562b4b21ff6399f8eca

SHA512
436af1b9bef2cadfd1ece3215cae1662217f4f2e5a299f4773db6748c6e26a78c3957a2e314c4faa22b930b08b811210b25e176f3a985ec0d9322d66077d4250

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\win7\MuMuVMMVMMR0.inf
Filesize
1KB

MD5
3a31f44dff80797d944dc1c76abc306c

SHA1
02a336a7614ec019a65a90c971c648c34c814e66

SHA256
f39e3b98a17d4d946879284466a27ec946a07bf869f59ffecbb38451d81337d1

SHA512
1e3382d8bb6f99d96ac9272d9aaac5012fcb31e83a072d22cb4b8965c8c636ccefd31f61e51ac6b8fa79b7fd70038fc259dd45d22b9bbb267f8f17c9b66472cc

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\win7\MuMuVMMVMMR0.r0
Filesize
1.5MB

MD5
a5c0e348e7cc0e4cc570aacf9ffcaf29

SHA1
446506fde338687fcc91b176361b51b0a8133045

SHA256
3ae59d3eacd1f837d3163817731820b93139846021aa8aa7220060d174d6cecd

SHA512
966f4100f17bb3a89f650c30f979f15023105f1db2f840a03b31bf53ba5188ff5994baf110e489060b858296b49d620551111695127da8d0ff34360a58c65822

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\win7\mumuvmmdrv.cat
Filesize
10KB

MD5
838ca6cdba04a33267a12f9af842154c

SHA1
a85f476eec0f129676a5552e8984fe9ace437118

SHA256
f10c1616e67f2f9d4ccc15e59ee3df8e6413129f6905db6aa84d9ffe7e7fe662

SHA512
3c522db4d5e835d8fd342ce65f0ec876b3e20dff1c9fd7044b04cf1a0f7fa9c7b8766bbbc8ca71a25c64a7e3ffdbc8a04c7b110494ec440806961439b5b9ae34

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\win7\mumuvmmnetadp6.cat
Filesize
10KB

MD5
cab436e5abe7f446f8848dea729679e1

SHA1
6c6175df099341fdd9a67cce631e2fe55fb1dc2c

SHA256
ff9525380df941cb1bd07fd72f27882db4b96699d9b785e4c3078b3cbd6ae618

SHA512
15b3c72e20e3c1dd1f184e6bd6b8541efc798e7d57878bcab44bcd46f8d30593faf83596d5d1e0862558cfd316d5f1967be912056efd0582521548e9c963a9bb

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\win7\mumuvmmnetlwf.cat
Filesize
10KB

MD5
6744dc4f16200c37a96cc3a0e5556285

SHA1
e338196e4af4d5a19b42a2a03cb98447625673d2

SHA256
5aa222dfd3ab9f7316c1c39441946973ab801c00763375a90cf7532b592c4086

SHA512
ba89277be0f910184f0a72a1b0f1d7aae2e540775e86d48f42ab9074e58b7ff6c3b2cf4c717d3d1923f7ff10886a76bf926ebd6189872c6c3fca799fb74b0213

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\win7\mumuvmmvmmr0.cat
Filesize
11KB

MD5
2e23d6718ce96dbfc1be7382fead6ced

SHA1
09b89d917222114b82ac1c3476ee31e01c33842d

SHA256
0885d7ea48192a21d5f37597315c961f6f6a569a4c79080c3229e3c443239efa

SHA512
54f8737e7d3139b654860ae0aed9ec28d5c2049b1e76bff244f8524196c4516023a7cf69b03e4151106eba7145f7c8ad5ae5c2cd62d96cf959e97071aa1b85d9

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\regsvr32.exe
Filesize
29KB

MD5
8e02fbcde02e70544d4fe8606b450f80

SHA1
16c111a820d386d777e83e42783729f8701e2e14

SHA256
faa9da3c34191dd8eaa6ebc775316eb06711d44b5b66dc739c69eb8101422fda

SHA512
07eb34835f0774db2a899a754deefe03090c898727565ea730acb0c3b4aeafd17d1bdb632d80d1f7a042efb8b9fa0d8a34b9c41e76792463676b4ada16ed20be

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\D3DCOMPILER_47.dll
Filesize
4.3MB

MD5
da754d87f769cb21d9d2847ca8754152

SHA1
27a4eff95e7f4a359718fda7138a528147969b27

SHA256
8c88c162010a8d6b80f2c0433d4ce973ce626afcbc8da5be68bfa2ba68341eba

SHA512
59bf5fffab8e36f0e9bae29969eb051b6c99367e202874fb627936aadd135548bf84479b2d3e66920fcd7344e605caad1e547ed4acb817a7ecf39b166d8687fd

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\aria2.exe
Filesize
5.7MB

MD5
2f3d77b4f587f956e9987598b0a218eb

SHA1
c067432f3282438b367a10f6b0bc0466319e34e9

SHA256
2f980c56d81f42ba47dc871a04406976dc490ded522131ce9a2e35c40ca8616e

SHA512
a63afc6d708e3b974f147a2d27d90689d8743acd53d60ad0f81a3ab54dfa851d73bcb869d1e476035abc5e234479812730285c0826a2c3da62f39715e315f221

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\Controls.2\HorizontalHeaderView.qml
Filesize
2KB

MD5
f2aebe2d5870f722bf929a4b73ded8c5

SHA1
6799f655ac6455d619391eafaa830bcf96e1dbc7

SHA256
1adfdb7e95134eeaa36c900cc54b5a6eb1c0f5dd1798e061f629522a37d91b74

SHA512
4efd5ad7b200d048691b30163bbe316cd216a8960fc6b479078f16d8ee47462a5efa1efa00d675d3a6a69863ee9d7af9eaf2d19e5a17461961b76839389cc77d

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\Controls.2\Imagine\VerticalHeaderView.qml
Filesize
2KB

MD5
8e482eec4c25ff3f720cd129abad011a

SHA1
4d9c2525690415cefec2d31c331f502df3f24826

SHA256
4b0530b34dbb2e48206397b6b0e98bd319b2519c591221ae72c512827170519f

SHA512
e779d3f0510ebcbef981e8d6a3b5eb29ddb68330b6780193d6b543820c512400dc612ae87737a3ce3274b0b3521ac8b655431a5e1a91f913c96ae2495c7dbcbf

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\Controls.2\designer\ControlSpecifics.qml
Filesize
1KB

MD5
6f2d0fa6bf284d885821f199bbf57a45

SHA1
cb4e7c4a13ba245774ce36c0393273609d03a846

SHA256
8bcc3a8274aef505a0bec07ee1ec9b4eebe4b2c4ed7afa96e808a7b7a77f4cb5

SHA512
525d081766a45843eebc25d58d3115009a1acb7986e928a32d1f0e168c4469d0d42cfa6162c3da61c6a697154974f8a0ec42a085a4e4622696a6d808bff2330c

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\Controls.2\designer\FrameSpecifics.qml
Filesize
2KB

MD5
d8f52bd43556b4823a8cb2cc7669fe44

SHA1
222b1bfea56b3a415d1c5887c5c2fa089c6cd352

SHA256
3acf94a8fa5d2176b640145966e6f94e3d3c08a718c3fb03649523ba798850d2

SHA512
7996751d1b4ccc0b73fc8b2d050c86714a9e9d2b5ced5fb26bcdbebc76bb177fb90f1d23023c58d2b2f59070c791bfae28142d8dec47dfb6f8180805d71f8630

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\Controls.2\designer\RadioDelegateSpecifics.qml
Filesize
2KB

MD5
5435f060331a523b9e5db9c9957756aa

SHA1
e0f07b59a0ac83b7cea1716cdae4a59aeafa396b

SHA256
91d7772e4a193e91a093d59451508cdb89448eaffb4febda26789777afbacf3d

SHA512
536e731672c1348222490d39099712c7bbcbf8d0c6be5d0f3517c10feb1b47d7942c18703e18c28f36774546a41f18d61fa8096e022a82947d43b11a2641d187

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\Controls.2\designer\SwitchSpecifics.qml
Filesize
2KB

MD5
e6dd3db4f8a582e30f07b77e801428f0

SHA1
d207e34278440fc9b47c6480a47fef13870ffff6

SHA256
a3fff66cd7217029792e7fce403cc658b0ea03b2d3a2860f57479c8ea6bc1372

SHA512
f58e27d7f36e05cb1d6277629ee2e3cc239b2ba73a75d1399a048191e4443dbb1360922b2cc0d36c3a19b04fcdb64f5dbbd0a838736dca658b9caf856031c5ea

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\Controls.2\designer\ToolButtonSpecifics.qml
Filesize
2KB

MD5
d5e13fdb75ad4dbfe225397469a5bd22

SHA1
5e0c7a6619b715a79d91a3157f13d22b8225808e

SHA256
208e10ee8ace1cffad89d2745745909249ba182470f65e6563857c8d77839800

SHA512
4278a6fe6bb0ee49d1e43e8e8a40336cd84941b29ca6d31d776adb931b4858ace6bf8a8896a4dfe804f550eab97b2a3c1c2d269e45e5f84646775a989b76c273

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\Qt\labs\qmlmodels\plugins.qmltypes
Filesize
15KB

MD5
8f8110cdd79f2aebbbad3164eebbb355

SHA1
df12c58c841565eeb5ea251aa629fe70ec9faf2b

SHA256
d02e60f465ab46511ba006f7abb03eef67092b7f10b0951e06eac74bd0bada78

SHA512
9648ef91afa34d373daa29c18873b0ff983762cbed63343c0d503c6359506b437c333ffb21f212ff6e2947be7fd2933619d0ee7d53c0dd8265d67db26944e09b

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\resources\dist\message_center\src\css\app.19c9a55e.css
Filesize
9KB

MD5
ea9b7592e3ffdeffc0fe254542eb245f

SHA1
9e4775041295f3ab3b376297e002990a98cab112

SHA256
73aec936fddb36bfa9bcceed36d9fce8636d7cc555633c315510254fe1eb8f7e

SHA512
10c1cd80f4003e0045414c8d8bcac4b74115cf5f5774cda3c71e3bcbe2488a1a8deb33e57e1a5ce148b65b78f6b659af280e4a6583f7aa119cb4b914b3eed331

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\resources\dist\message_center\src\css\mine.119b6500.css
Filesize
5KB

MD5
69144ebebed32c1e985115e0bfd6c4d4

SHA1
12835a228098b7383dcfd3cecd51255f45bc4083

SHA256
f198754468f5b0eb417273d6099cd70cbdf4bfb1d407212aeaf403f304d90f1f

SHA512
4ff6f79c1c41d9fb7f027817275cea55f7c037098e5247a773a9e1f72dcb280a372f9184b97fec99bf329cc36410bf0563e1545323e958c203162065d2c43867

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\resources\dist\message_center\src\css\mine.13939d83.css
Filesize
5KB

MD5
ed5f0333ea4a3af7ff84dd1a18bbb373

SHA1
e8d7f484eef647fe13281f546980b95679751806

SHA256
7866e741694c8546b6bcb704dd443188b8c294dc3528355ecdc7c6a953e2b879

SHA512
6d53bcc30fff9eefd74ab7e5a18f1b2ea0cc01234f3a89683850b8c535c3151a8a7f512d00850a72794414319435f2e7e11c25b4eb2e6d0ee5665ea8da48d0ad

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\resources\dist\message_center\src\css\mine.8296631e.css
Filesize
5KB

MD5
ed36b166e707e77bc0c40131443bb0c6

SHA1
6b025833490dd1a3d33e31bb97127fbdb6e41290

SHA256
d74e27a76266c106d84e3d52291f07e0b78738e572072be39e663e8ffd83e512

SHA512
0a70d48759f417503051217a05469e5df6ad446e8e7b4ad397c9e1e2e4351830bf14cfba4a06e129346312bf189e889a84eded0b198bf018123ff58826ae0882

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\resources\dist\message_center\src\img\arrow.0309f108.svg
Filesize
262B

MD5
ab5498711503448ba98d5161060526a3

SHA1
43f3d0a7cfc12bc6b326e14c20dcbe25a9814bdf

SHA256
aace3bdee8397c43925083a1d8e6453af59ffb7abc4cec10f2adeabc66d6cd6c

SHA512
ebaa35e933b971f278f45471c5b724e7bcd14f168f74f4ebf45077ece96a650b22e78f8e26dbe34bc18e6364c6afc24d4ee08b018d2d4019188a0a381cbcc25e

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\resources\dist\message_center\src\img\arrow_hover.f78bddbd.svg
Filesize
219B

MD5
08332636322a01ee1c0ff398c5c4f092

SHA1
9349e026597b7d7d7f2661b89343765c648b3471

SHA256
b651c5ff6e84dab6e39911e70fa211ded92b9579294dc80a869364c3948b4753

SHA512
5bfae78ca6d94dcde62811e8c962c58aec86fd133509e132a085425250852acb26e919e92f4d2ca12952d5decd1154be51e5a7acbd874ff0455c9dee1e0e0c9b

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\resources\dist\message_center\src\img\close.bcd72c39.svg
Filesize
798B

MD5
a21d686206c719b1dca8ae2660ec7a0f

SHA1
614c1f07da6e2dfce46143e7e4fdd61900a5a059

SHA256
9b8e162dcdc46211b7896873a10a813c38b25a989724eb669252ebb114b962de

SHA512
87baa74590842ebc0944952e26f08a1f768774c37f646275c8e90ba69a089e33df31fe8c593f9ac36831dca74015ac7298da38c23781ec4908c4827a9632223f

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\resources\dist\message_center\src\img\close_hover.a128114a.svg
Filesize
711B

MD5
e208d7f9c4a98b232a46880b19f98d0b

SHA1
6b0a1557ddc4d93959a64a54d4305ac97e5f1542

SHA256
c52addf07e563ec434e36c042cf4b83adcc4425a774d847f774661b8873390f1

SHA512
41f9ffccd47709694e0115811f7a119138ab64ed4d7ad337d83bbe77fafe016969e19b9967ea5d3435477c6d04461f1b0222559d5f9bbfc41ebfd2558a81d79a

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\resources\dist\message_center\src\img\mine_icon.fd50af46.svg
Filesize
779B

MD5
fd50af46545e41eb3d12a6d75e238135

SHA1
5b2859fba0b2f7b70c1e332852d5425d6516201e

SHA256
d3b79bb9a9540ef66f22c4d51fbdf3ef1606450548d429a6f48437a09d86e7de

SHA512
84eed3d718cd8500f59ec5e2c2859eadf2ba4685df4cce4a30791a2a1f755061032f9c4029336d7a20783735ad1f23c1ea1cab05a34db6decc3e7289e421b77d

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\resources\dist\message_center\src\img\system_icon.e37bd68f.svg
Filesize
390B

MD5
e37bd68faea64f598af8bbcd24dec74a

SHA1
b61468e78ea93ca9369ca0a81715f69e835d6783

SHA256
de839792f1a7ea69dfb7804ae9ed285dbc17b72842d4f1225e7011687cd7cca2

SHA512
96847754a227964a6d798294cf4195294635579a755521be9d4cfa04aef84d2dc0ee3f2c36b7c4131393c73fe69e6689afbf18eb3ec7de91b1f6fbd9a9d70106

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\resources\dist\message_center\src\js\chunk-036b24fb.bc309b6f.js
Filesize
499B

MD5
cb9321ebd6a088abd4c64a468d5d866e

SHA1
1e1ee2b52eb604a77dde2fc2aabd91a3ee9e3195

SHA256
152f7767ce6e84de8363d4b6b9159434d7dae63cf752d3ad6880702ed47c0e4c

SHA512
3e089686e21cf5bb5dc7365a895c9ef31eac356eba23a894b2791ea573973ff1a998ac3571c16a5cd5e3983defa1562f3db3be4c7c9b2acd74915c2c92564ae7

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\resources\dist\message_center\src\js\chunk-vendors.93aab821.js
Filesize
153KB

MD5
6c3e58c1c4dc4add4ff190f34306d5de

SHA1
4e9c36f638f5cb58ff6842228e781adfffd151cf

SHA256
11c16d89b6a65427148e385a8b37ab1ecf03d9ca263552bc6de60745c6816938

SHA512
b3890b93ae94153eb5b812581d2ed16a6a64f6b96cfb662b5121afec5c28bea98a096e9fa5305a88dd86a40280398002af45f353b768db20605fba23f5863b35

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\resources\dist\message_center\src\js\lang-fr-json.c33b4d00.js
Filesize
126B

MD5
7df8a16c0f8d372d1b2732308c89f236

SHA1
9b2c3b3da03b9829401fe2af8c9aab817c7f1f99

SHA256
cfedc25e785d972a857f61517e3e4ca5026de61c3ee3d75caf636c2871e8f8e8

SHA512
5d90b953167bb41804f8b5fa47b310e13ed74ee385dab15e9446d6590fae6b82dd980304f33a37ae556050b2cdb2e24f030592218531cb674c0af23322e9b559

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\resources\dist\message_center\src\js\lang-id-json.4709fcc6.js
Filesize
124B

MD5
218239c6f137b8a5f981aa22c204a204

SHA1
14ded58c6c08589be5b7f52acbd9bebfe581b407

SHA256
12f6e4a8e59e519d2a0f62f0d3b20f200ceeecbe4728db0a071900175d5d8a91

SHA512
5faf576c8937e8e8b2d0609b6ca9ca9ed878ab34e5303c90b534817699b2fe5655dccd45ce72161632de424b938a0ca13dad8930c4dc15dc922ccf9130631dca

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\resources\dist\message_center\src\js\lang-ja-json.e35f39a8.js
Filesize
124B

MD5
1c1dc1f5a7761319e2e62d460485df8d

SHA1
ceae9d0747c040fc9cb2d3ea0348f2a097ad7a65

SHA256
31555456a0b06e499138d9c38c712d3064fa197cc3e002aea5e732157625d808

SHA512
33f36c715b2255e077c0d59bc5a09f2b78f5a294d133a11af2870fd715687c70dfec7b2c15cdf0fcdcdcc1b3821cf0b4be212a4a2b78be14dd2c4b98149bd779

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\resources\dist\message_center\src\js\lang-ko-json.b14601aa.js
Filesize
126B

MD5
391c2e2753012c6f5a7e5da997af327c

SHA1
0ac8a36fc1fb12fed0a1bf638fa104b04ccf5d33

SHA256
61549ce21eb1f8c921dbc6df701567a5009f1894464bddf8ecdd3cf93559c614

SHA512
fa4f85d422571ebb59a4defb4d5445e96384426e174abbe1a46383920f229e2d1070872049d2d00f5000c3208df5db7b47322abebf7d95451f0b7d1de8deabd3

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\resources\dist\message_center\src\js\lang-pt-json.ca234213.js
Filesize
126B

MD5
dec9007cda204e222b45c59946ca2b45

SHA1
6341d547a8d050ec13491283ed3c73aa5d375c15

SHA256
8feb57b228e083801a1d5bf7c36b6e78f8c97c45f3eba3ef52dff5c4566807b0

SHA512
8806bf1335877fd3c4272a57b2de7353640d9beeb342d695ff5a86b3f313a117bbb7a4e9e1baa58c0f539042a73a1c347b7c5ed773083e880703fc44ee1e88c7

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\resources\dist\message_center\src\js\lang-ru-json.8e3adfa1.js
Filesize
124B

MD5
63591cb6c2ccbc30e7073f0815798394

SHA1
779e90a3428c4a9d60080bcdbee4bd3ce05011a3

SHA256
079f9067619dbd4eb5f9d2eddcc3c2abda40850e3394d517ebdfec0e959e8ad8

SHA512
f82800a95a4d1fa441fd51b6fb9508eda3ef44c7b98bb00af94bf38bf0268caeb0a650765aad63f2ac3437f7ce8fb36caa3a855e13faa54387841bca390dbfcf

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\resources\dist\message_center\src\js\lang-sp-json.42234fed.js
Filesize
124B

MD5
89824f65d47c04ee20c20e567e76c1a2

SHA1
dab473cbc6884dcc8578e28520887adf9bc6be84

SHA256
7ea583af448fc48037a1f2f88eae6651423b9af87b11fa2bd6461cc7416d4b42

SHA512
37187bdb0eabc0d746f2c402327abee17b1de139245e569fe6e0f6ac145e674277b5a4f447e1eb308a2bfe7a6ac5e47b42f17f1294b6482d2a5acbdbeb893f57

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\resources\dist\message_center\src\js\lang-th-json.c8a63538.js
Filesize
124B

MD5
64f621dcb319fa48b457c68c11d3417f

SHA1
8843ad6d94b16e981239589695a49766ba2333bc

SHA256
3f04cb1c0ecde109b7a192c242388188d60899715d61a712e0ff1c318da5c561

SHA512
71a0ad96f940b77ccb40381cc99ac5c2b1910b9ed4893181d94bf9d13809fbadfd2e8c43556b78e068978f5b89afa706ecaec2fdbec199310248b6bede2f43bc

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\resources\dist\message_center\src\js\lang-vi-json.bf26c8f8.js
Filesize
124B

MD5
f5a51f0bc374a161aab9211bcaf748ff

SHA1
2940acdbb4a3604abac1fec81c545cc6e1afd221

SHA256
55a3062467c5876cc2cfd83e1ce3a89842b4c66dbb98431b1c0309d14b6243eb

SHA512
45682fc3a3998f5ad006e19adcd1b69484342fc90c6de22f55abf6b4f7b2a4654c20d4b961d37995f010b61f00ddd92bf4e9a988852e3c13e4429eddff2782fb

Download Submit
F:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\resources\dist\message_center\src\js\lang-zh-Hant-json.50d9eb8a.js
Filesize
131B

MD5
44ffffc75b554c6d81c2308aa9da6ad4

SHA1
9c400f9548e96f04304a0c728a5e7b157a8c7e43

SHA256
d8e216a387dab410cfe1133c0c45e64596a475a4adf0bcede1eb2f6f221f1638

SHA512
944182f408b325cc88a2ced26a4c244b3bc45a3a6f8b35fd908fb523e102ca46e70525c393a2e1b93365b3a3363a093959087fdc18361ea22035bf71d551efdb

Download Submit
memory/644-648-0x0000000007DC0000-0x0000000007DD1000-memory.dmp

Filesize
68KB

Download
memory/644-620-0x00000000062A0000-0x0000000006306000-memory.dmp

Filesize
408KB

Download
memory/644-617-0x0000000003070000-0x00000000030A6000-memory.dmp

Filesize
216KB

Download
memory/644-645-0x0000000007BB0000-0x0000000007BCA000-memory.dmp

Filesize
104KB

Download
memory/644-644-0x00000000081F0000-0x000000000886A000-memory.dmp

Filesize
6.5MB

Download
memory/644-643-0x0000000007870000-0x0000000007914000-memory.dmp

Filesize
656KB

Download
memory/644-642-0x0000000007850000-0x000000000786E000-memory.dmp

Filesize
120KB

Download
memory/644-632-0x0000000007810000-0x0000000007844000-memory.dmp

Filesize
208KB

Download
memory/644-618-0x0000000005BD0000-0x00000000061FA000-memory.dmp

Filesize
6.2MB

Download
memory/644-633-0x000000006E8E0000-0x000000006E92C000-memory.dmp

Filesize
304KB

Download
memory/644-629-0x0000000006380000-0x00000000066D7000-memory.dmp

Filesize
3.3MB

Download
memory/644-646-0x0000000007C30000-0x0000000007C3A000-memory.dmp

Filesize
40KB

Download
memory/644-647-0x0000000007E40000-0x0000000007ED6000-memory.dmp

Filesize
600KB

Download
memory/644-631-0x0000000006890000-0x00000000068DC000-memory.dmp

Filesize
304KB

Download
memory/644-630-0x0000000006850000-0x000000000686E000-memory.dmp

Filesize
120KB

Download
memory/644-650-0x0000000007EE0000-0x0000000007EFA000-memory.dmp

Filesize
104KB

Download
memory/644-619-0x0000000006200000-0x0000000006222000-memory.dmp

Filesize
136KB

Download
memory/644-649-0x0000000007E00000-0x0000000007E0E000-memory.dmp

Filesize
56KB

Download
memory/2660-661-0x000000006E8E0000-0x000000006E92C000-memory.dmp

Filesize
304KB

Download
memory/2976-679-0x000000006E8E0000-0x000000006E92C000-memory.dmp

Filesize
304KB

Download
memory/3956-801-0x0000000037360000-0x0000000037370000-memory.dmp

Filesize
64KB

Download
memory/3956-994-0x000000006C470000-0x000000006DE6B000-memory.dmp

Filesize
26.0MB

Download
memory/3956-993-0x000000006DE70000-0x000000006E416000-memory.dmp

Filesize
5.6MB

Download
memory/3956-992-0x000000006C290000-0x000000006C2E9000-memory.dmp

Filesize
356KB

Download
memory/3956-991-0x000000006C2F0000-0x000000006C36A000-memory.dmp

Filesize
488KB

Download
memory/3956-990-0x000000006C3F0000-0x000000006C46E000-memory.dmp

Filesize
504KB

Download
memory/4972-28-0x0000000073460000-0x0000000073C11000-memory.dmp

Filesize
7.7MB

Download
memory/4972-852-0x0000000073460000-0x0000000073C11000-memory.dmp

Filesize
7.7MB

Download
memory/4972-21-0x0000000007970000-0x0000000007A02000-memory.dmp

Filesize
584KB

Download
memory/4972-20-0x0000000007D80000-0x0000000008326000-memory.dmp

Filesize
5.6MB

Download
memory/4972-17-0x0000000005520000-0x0000000005536000-memory.dmp

Filesize
88KB

Download
memory/4972-40-0x0000000005540000-0x0000000005550000-memory.dmp

Filesize
64KB

Download
memory/4972-41-0x000000007346E000-0x000000007346F000-memory.dmp

Filesize
4KB

Download
memory/4972-18-0x0000000073DD0000-0x0000000073DE6000-memory.dmp

Filesize
88KB

Download
memory/4972-23-0x00000000036F0000-0x000000000378C000-memory.dmp

Filesize
624KB

Download
memory/4972-22-0x00000000035F0000-0x0000000003634000-memory.dmp

Filesize
272KB

Download
memory/4972-13-0x000000007346E000-0x000000007346F000-memory.dmp

Filesize
4KB

Download
memory/4972-24-0x0000000003790000-0x00000000037F6000-memory.dmp

Filesize
408KB

Download
memory/4972-12-0x0000000005540000-0x0000000005550000-memory.dmp

Filesize
64KB

Download
memory/4972-26-0x0000000005670000-0x000000000567A000-memory.dmp

Filesize
40KB

Download
memory/4972-43-0x0000000073460000-0x0000000073C11000-memory.dmp

Filesize
7.7MB

Download
memory/4972-25-0x0000000009290000-0x00000000097BC000-memory.dmp

Filesize
5.2MB

Download
memory/4972-42-0x0000000073460000-0x0000000073C11000-memory.dmp

Filesize
7.7MB

Download
memory/4972-27-0x0000000073460000-0x0000000073C11000-memory.dmp

Filesize
7.7MB

Download

pid	process
3956	dnplayer.exe
5580	LeoMoon CPU-V.exe
7096	dnplayer.exe
3216	LeoMoon CPU-V.exe
6368	dnplayer.exe

pid	process
656
656
656
656
656
656
656
656
656
656
656
656
656
656
656
656
656
656
656
656

pid	process
656
656
656
656
656
656
656
656
656
656
656
656
656
656
656
656
656
656
656
656

pid	process
656
656
656
656
656
656
656
656
656
656
656
656
656
656
656
656
656
656
656
656