Overview

overview

10

Static

static

ViviSetup.exe

windows7-x64

10

ViviSetup.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    592s
  • max time network
    618s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03-10-2022 19:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ViviSetup.exe

  • Size

    113.1MB

  • MD5

    913b1ade3be9997e30b3dfeab8f733c4

  • SHA1

    c5046c370170b2b565f1341e192a7406238fb949

  • SHA256

    6baa99b3494c8c8f8f0d2a76be07a4d602e81e412b8ecc5dfa49564a7bb30eda

  • SHA512

    6e5d7700b5329dd7c963dfd31ec56fd78bf7c04136023455b751294affe9e2dea42edbcbe22e1024dea8420570b22331955cd1332a707d461a01f49f7218d477

  • SSDEEP

    3145728:RifO83mHhj4NXbxNndXjNLYymIRJDe0/3rF:1AmB8NrrndJuEJDe0PrF

Score
10/10
zloaderbotnetevasionpersistenceransomwaretrojanupx

Malware Config

Extracted

Path

C:\Program Files\Vivi Corporation\Vivi\LICENSES.chromium.html

Ransom Note
<!-- Generated by licenses.py; do not edit. --><!doctype html> <html> <head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width"> <meta name="color-scheme" content="light dark"> <title>Credits</title> <link rel="stylesheet" href="chrome://resources/css/text_defaults.css"> <link rel="stylesheet" href="chrome://credits/credits.css"> </head> <body> <span class="page-title" style="float:left;">Credits</span> <a id="print-link" href="#" style="float:right;" hidden>Print</a> <div style="clear:both; overflow:auto;"><!-- Chromium <3s the following projects --> <div class="product"> <span class="title">2-dim General Purpose FFT (Fast Fourier/Cosine/Sine Transform) Package</span> <span class="homepage"><a href="http://www.kurims.kyoto-u.ac.jp/~ooura/fft.html">homepage</a></span> <input type="checkbox" hidden id="0"> <label class="show" for="0" tabindex="0"></label> <div class="licence"> <pre>Copyright(C) 1997,2001 Takuya OOURA (email: ooura@kurims.kyoto-u.ac.jp). You may use, copy, modify this code for any purpose and without fee. You may distribute this ORIGINAL package. </pre> </div> </div> <div class="product"> <span class="title">Abseil</span> <span class="homepage"><a href="https://github.com/abseil/abseil-cpp">homepage</a></span> <input type="checkbox" hidden id="1"> <label class="show" for="1" tabindex="0"></label> <div class="licence"> <pre> Apache License Version 2.0, January 2004 https://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 1. Definitions. &quot;License&quot; shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document. &quot;Licensor&quot; shall mean the copyright owner or entity authorized by the copyright owner that is granting the License. &quot;Legal Entity&quot; shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, &quot;control&quot; means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity. &quot;You&quot; (or &quot;Your&quot;) shall mean an individual or Legal Entity exercising permissions granted by this License. &quot;Source&quot; form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files. &quot;Object&quot; form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types. &quot;Work&quot; shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below). &quot;Derivative Works&quot; shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof. &quot;Contribution&quot; shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, &quot;submitted&quot; means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as &quot;Not a Contribution.&quot; &quot;Contributor&quot; shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work. 2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form. 3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed. 4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions: (a) You must give any other recipients of the Work or Derivative Works a copy of this License; and (b) You must cause any modified files to carry prominent notices stating that You changed the files; and (c) You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and (d) If the Work includes a &quot;NOTICE&quot; text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License. You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License. 5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions. 6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file. 7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an &quot;AS IS&quot; BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License. 8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages. 9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability. END OF TERMS AND CONDITIONS APPENDIX: How to apply the Apache License to your work. To apply the Apache License to your work, attach the following boilerplate notice, with the fields enclosed by brackets &quot;[]&quot; replaced with your own identifying information. (Don&#x27;t include the brackets!) The text should be enclosed in the appropriate comment syntax for the file format. We also recommend that a file or class name and description of purpose be included on the same &quot;printed page&quot; as the copyright notice for easier identification within third-party archives. Copyright [yyyy] [name of copyright owner] Licensed under the Apache License, Version 2.0 (the &quot;License&quot;); you may not use this file except in compliance with the License. You may obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an &quot;AS IS&quot; BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. </pre> </div> </div> <div class="product"> <span class="title">Accessibility Audit library, from Accessibility Developer Tools</span> <span class="homepage"><a href="https://raw.githubusercontent.com/GoogleChrome/accessibility-developer-tools/master/dist/js/axs_testing.js">homepage</a></span> <input type="checkbox" hidden id="2"> <label class="show" for="2" tabindex="0"></label> <div class="licence"> <pre> Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 1. Definitions. &quot;License&quot; shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document. &quot;Licensor&quot; shall mean the copyright owner or entity authorized by the copyright owner that is granting the License. &quot;Legal Entity&quot; shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, &quot;control&quot; means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity. &quot;You&quot; (or &quot;Your&quot;) shall mean an individual or Legal Entity exercising permissions granted by this License. &quot;Source&quot; form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files. &quot;Object&quot; form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types. &quot;Work&quot; shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below). &quot;Derivative Works&quot; shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof. &quot;Contribution&quot; shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, &quot;submitted&quot; means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, in
Emails

ooura@kurims.kyoto-u.ac.jp

&lt;jserv@0xlab.org&gt

&lt;tholo@sigmasoft.com&gt

&lt;dm@uun.org&gt

&lt;djm@openbsd.org&gt

&lt;markus@openbsd.org&gt

&lt;Todd.Miller@courtesan.com&gt

&lt;wes@softweyr.com&gt

&lt;mike@FreeBSD.org&gt

&lt;kostik@iclub.nsu.ru&gt

&lt;das@FreeBSD.ORG&gt

&lt;otto@drijf.net&gt

&lt;millert@openbsd.org&gt

&lt;das@FreeBSD.org&gt

&lt;ed@FreeBSD.org&gt

&lt;theraven@FreeBSD.org&gt

&lt;mpi@openbsd.org&gt

&lt;ajacoutot@openbsd.org&gt

&lt;deraadt@openbsd.org&gt

&lt;beck@obtuse.com&gt
URLs

https://www.apache.org/licenses/

https://www.apache.org/licenses/LICENSE-2.0

http://www.apache.org/licenses/

http://www.apache.org/licenses/LICENSE-2.0

http://code.google.com/p/y2038

http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man2/getentropy.2

http://mozilla.org/MPL/2.0/

http://www.torchmobile.com/

https://cla.developers.google.com/clas

http://www.openssl.org/)&quot

https://github.com/mit-plv/fiat-crypto/blob/master/AUTHORS

http://www.opensource.apple.com/apsl/

https://github.com/typetools/jdk

https://github.com/typetools/stubparser

https://github.com/typetools/annotation-tools

https://github.com/plume-lib/

http://www.mozilla.org/MPL/

http://source.android.com/

http://source.android.com/compatibility

http://www.apple.com/legal/guidelinesfor3rdparties.html

Signatures

  • Zloader, Terdot, DELoader, ZeusSphinx

    Zloader is a malware strain that was initially discovered back in August 2015.

    trojanbotnetzloader
  • Drops file in Drivers directory 4 IoCs
  • Executes dropped EXE 13 IoCs
  • Modifies Windows Firewall 1 TTPs 1 IoCs
    evasion
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Checks computer location settings 2 TTPs 5 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL 64 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 64 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 37 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 31 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 37 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: LoadsDriver 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 6 IoCs
  • Suspicious use of SendNotifyMessage 4 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ViviSetup.exe
    "C:\Users\Admin\AppData\Local\Temp\ViviSetup.exe"
    1⤵
    • Loads dropped DLL
    • Enumerates connected drives
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:760
    • C:\Windows\SysWOW64\msiexec.exe
      "C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\Vivi Corporation\Vivi 3.3.2\install\2C62C40\ViviSetup.x64.msi" AI_SETUPEXEPATH=C:\Users\Admin\AppData\Local\Temp\ViviSetup.exe SETUPEXEDIR=C:\Users\Admin\AppData\Local\Temp\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1664590968 "
      2⤵
      • Enumerates connected drives
      • Suspicious use of FindShellTrayWindow
      PID:3044
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4356
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding DA49A7BF8EAAF01754F74C5500A985EF C
      2⤵
      • Loads dropped DLL
      PID:1796
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 18109D829CBFC8991CB32048B18D933B C
      2⤵
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      PID:5020
    • C:\Windows\system32\srtasks.exe
      C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
      2⤵
        PID:4536
      • C:\Windows\syswow64\MsiExec.exe
        C:\Windows\syswow64\MsiExec.exe -Embedding E3BFA0A55DCB463801CD092796094886
        2⤵
        • Loads dropped DLL
        PID:3124
      • C:\Windows\Installer\MSI442A.tmp
        "C:\Windows\Installer\MSI442A.tmp" /RunAsAdmin /HideWindow C:\Windows\System32\netsh.exe advfirewall firewall add rule name="Vivi" program="C:\Program Files\Vivi Corporation\Vivi\Vivi.exe" enable=yes dir=in action=allow
        2⤵
        • Executes dropped EXE
        • Checks computer location settings
        • Suspicious use of WriteProcessMemory
        PID:4524
        • C:\Windows\SysWOW64\netsh.exe
          "C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="Vivi" program="C:\Program Files\Vivi Corporation\Vivi\Vivi.exe" enable=yes dir=in action=allow
          3⤵
          • Modifies Windows Firewall
          PID:5092
      • C:\Windows\Installer\MSI49D9.tmp
        "C:\Windows\Installer\MSI49D9.tmp" /RunAsAdmin /HideWindow C:\Windows\System32\certutil.exe -f -delstore root b031f460609536ff63d97d0f2a0a56857c83cbdd
        2⤵
        • Executes dropped EXE
        • Checks computer location settings
        • Suspicious use of WriteProcessMemory
        PID:1584
        • C:\Windows\SysWOW64\certutil.exe
          "C:\Windows\System32\certutil.exe" -f -delstore root b031f460609536ff63d97d0f2a0a56857c83cbdd
          3⤵
            PID:2036
        • C:\Windows\Installer\MSI4B41.tmp
          "C:\Windows\Installer\MSI4B41.tmp" /RunAsAdmin /HideWindow C:\Windows\System32\certutil.exe -f -delstore root baca91c082eebcd0f90e96313fbf2ae55802557d
          2⤵
          • Executes dropped EXE
          • Checks computer location settings
          • Suspicious use of WriteProcessMemory
          PID:4848
          • C:\Windows\SysWOW64\certutil.exe
            "C:\Windows\System32\certutil.exe" -f -delstore root baca91c082eebcd0f90e96313fbf2ae55802557d
            3⤵
              PID:3836
          • C:\Program Files\Vivi Corporation\Vivi\extend\ViviDisplaySetup64.exe
            "C:\Program Files\Vivi Corporation\Vivi\extend\ViviDisplaySetup64.exe" install
            2⤵
            • Executes dropped EXE
            • Drops file in Windows directory
            • Checks SCSI registry key(s)
            PID:3212
          • C:\Program Files\Vivi Corporation\Vivi\usb\viviusb64.exe
            "C:\Program Files\Vivi Corporation\Vivi\usb\viviusb64.exe" --install-drivers
            2⤵
            • Executes dropped EXE
            • Modifies data under HKEY_USERS
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:1320
            • C:\Windows\System32\pnputil.exe
              "C:\Windows\System32\pnputil.exe" -a "C:\Users\Admin\AppData\Local\Temp\vhusb3hc.inf" -i
              3⤵
              • Drops file in Windows directory
              • Checks SCSI registry key(s)
              PID:1000
          • C:\Program Files\Vivi Corporation\Vivi\usb\viviusb64.exe
            "C:\Program Files\Vivi Corporation\Vivi\usb\viviusb64.exe" --install-service-na --redirect=NUL
            2⤵
            • Executes dropped EXE
            • Suspicious use of SetWindowsHookEx
            PID:4196
        • C:\Windows\system32\vssvc.exe
          C:\Windows\system32\vssvc.exe
          1⤵
          • Checks SCSI registry key(s)
          PID:3632
        • C:\Windows\system32\svchost.exe
          C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
          1⤵
          • Drops file in Windows directory
          • Checks SCSI registry key(s)
          • Suspicious use of WriteProcessMemory
          PID:3828
          • C:\Windows\system32\DrvInst.exe
            DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{0a5ef606-8be9-cf43-8f82-206c37f58f44}\ViviDisplay.inf" "9" "410b4358f" "0000000000000150" "WinSta0\Default" "000000000000015C" "208" "C:\Program Files\Vivi Corporation\Vivi\extend"
            2⤵
            • Drops file in System32 directory
            • Drops file in Windows directory
            • Checks SCSI registry key(s)
            • Modifies data under HKEY_USERS
            PID:3480
          • C:\Windows\system32\DrvInst.exe
            DrvInst.exe "2" "1" "ROOT\DISPLAY\0000" "C:\Windows\System32\DriverStore\FileRepository\vividisplay.inf_amd64_10a5fb5d92739d28\vividisplay.inf" "oem2.inf:*:*:1.1.236.96:Root\VID_VIVI_VIRTUAL_DISPLAY_0001," "410b4358f" "0000000000000150"
            2⤵
            • Drops file in Drivers directory
            • Drops file in Windows directory
            • Checks SCSI registry key(s)
            PID:1736
          • C:\Windows\system32\DrvInst.exe
            DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{fed58055-234a-ff40-ba52-3d3f4f440273}\vhusb3hc.inf" "9" "46d584de7" "0000000000000164" "WinSta0\Default" "0000000000000174" "208" "C:\Users\Admin\AppData\Local\Temp"
            2⤵
            • Drops file in System32 directory
            • Drops file in Windows directory
            • Checks SCSI registry key(s)
            • Modifies data under HKEY_USERS
            PID:968
          • C:\Windows\system32\DrvInst.exe
            DrvInst.exe "2" "1" "ROOT\USB\0000" "C:\Windows\System32\DriverStore\FileRepository\vhusb3hc.inf_amd64_b04a55889f4a7423\vhusb3hc.inf" "oem3.inf:*:*:23.34.20.754:ROOT\VHUSB3HC," "46d584de7" "0000000000000164"
            2⤵
            • Drops file in Drivers directory
            • Drops file in System32 directory
            • Drops file in Windows directory
            • Checks SCSI registry key(s)
            PID:2688
        • C:\Program Files\Vivi Corporation\Vivi\usb\viviusb64.exe
          "C:\Program Files\Vivi Corporation\Vivi\usb\viviusb64.exe" -n -e
          1⤵
          • Executes dropped EXE
          • Drops file in System32 directory
          • Suspicious use of SetWindowsHookEx
          PID:3060
        • C:\Program Files\Vivi Corporation\Vivi\Vivi.exe
          "C:\Program Files\Vivi Corporation\Vivi\Vivi.exe"
          1⤵
          • Executes dropped EXE
          • Checks computer location settings
          • Loads dropped DLL
          • Adds Run key to start application
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          • Suspicious use of WriteProcessMemory
          PID:3480
          • C:\Program Files\Vivi Corporation\Vivi\Vivi.exe
            "C:\Program Files\Vivi Corporation\Vivi\Vivi.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Vivi" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1552 --field-trial-handle=1728,i,2399082794489994486,7391059767691710294,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
            2⤵
            • Executes dropped EXE
            • Loads dropped DLL
            PID:4548
          • C:\Program Files\Vivi Corporation\Vivi\Vivi.exe
            "C:\Program Files\Vivi Corporation\Vivi\Vivi.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Vivi" --mojo-platform-channel-handle=2072 --field-trial-handle=1728,i,2399082794489994486,7391059767691710294,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
            2⤵
            • Executes dropped EXE
            • Loads dropped DLL
            PID:1720
          • C:\Program Files\Vivi Corporation\Vivi\Vivi.exe
            "C:\Program Files\Vivi Corporation\Vivi\Vivi.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Vivi" --app-user-model-id=electron.app.Vivi --app-path="C:\Program Files\Vivi Corporation\Vivi\resources\app.asar" --no-sandbox --no-zygote --touch-events=enabled --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=4 --mojo-platform-channel-handle=1864 --field-trial-handle=1728,i,2399082794489994486,7391059767691710294,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
            2⤵
            • Executes dropped EXE
            • Checks computer location settings
            • Loads dropped DLL
            • Modifies registry class
            PID:4620
            • C:\Windows\SysWOW64\cmd.exe
              C:\Windows\system32\cmd.exe /d /s /c "C:\windows\sysnative\reg QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid"
              3⤵
                PID:4192
                • C:\windows\system32\reg.exe
                  C:\windows\sysnative\reg QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid
                  4⤵
                    PID:2836
                • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                  powershell.exe -c "Get-CimInstance -Class CIM_Processor | Select-Object -Property AddressWidth,MaxClockSpeed,Name,NumberOfCores | Format-List"
                  3⤵
                  • Drops file in Program Files directory
                  • Suspicious behavior: EnumeratesProcesses
                  PID:4072
                • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                  powershell.exe -c "Get-CimInstance -Class Win32_PhysicalMemoryArray | Select-Object -Property MaxCapacity | Format-List"
                  3⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:3092
                • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                  powershell.exe -c "Get-CimInstance -Class CIM_OperatingSystem | Select-Object -Property Caption,Organization,OSArchitecture,Version | Format-List"
                  3⤵
                  • Drops file in Program Files directory
                  • Suspicious behavior: EnumeratesProcesses
                  PID:1908
                • C:\Windows\SysWOW64\cmd.exe
                  C:\Windows\system32\cmd.exe /d /s /c "ver"
                  3⤵
                    PID:3112
                • C:\Program Files\Vivi Corporation\Vivi\Vivi.exe
                  "C:\Program Files\Vivi Corporation\Vivi\Vivi.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Vivi" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2356 --field-trial-handle=1728,i,2399082794489994486,7391059767691710294,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
                  2⤵
                  • Executes dropped EXE
                  • Loads dropped DLL
                  PID:224
                • C:\Program Files\Vivi Corporation\Vivi\Vivi.exe
                  "C:\Program Files\Vivi Corporation\Vivi\Vivi.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Vivi" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=2592 --field-trial-handle=1728,i,2399082794489994486,7391059767691710294,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
                  2⤵
                  • Executes dropped EXE
                  • Loads dropped DLL
                  PID:1848

              Network

              MITRE ATT&CK Matrix ATT&CK v6

              Initial Access

              Execution

              Persistence

              Modify Existing Service

              1
              T1031

              Registry Run Keys / Startup Folder

              1
              T1060

              Privilege Escalation

              Defense Evasion

              Modify Registry

              1
              T1112

              Credential Access

              Discovery

              Query Registry

              3
              T1012

              System Information Discovery

              4
              T1082

              Peripheral Device Discovery

              2
              T1120

              Lateral Movement

              Collection

              Exfiltration

              Command and Control

              Impact

              Replay Monitor

              Loading Replay Monitor...

              Downloads

              • C:\Users\Admin\AppData\Local\Temp\MSI81D3.tmp
                Filesize

                540KB

                MD5

                dfc682d9f93d6dcd39524f1afcd0e00d

                SHA1

                adb81b1077d14dbe76d9ececfc3e027303075705

                SHA256

                f0f00100e20741444f8a6f5db8cc826515134622c3a82e4f53ba6237e97a8328

                SHA512

                52f84956b480bd06914a3615b75ad198a3ce821b0dd88dd30443bf4ea3d406349c95a115c31cb879775bd716563473909d22a8ec34253eca1aa7009845430bc9

                Download Submit
              • C:\Users\Admin\AppData\Local\Temp\MSI81D3.tmp
                Filesize

                540KB

                MD5

                dfc682d9f93d6dcd39524f1afcd0e00d

                SHA1

                adb81b1077d14dbe76d9ececfc3e027303075705

                SHA256

                f0f00100e20741444f8a6f5db8cc826515134622c3a82e4f53ba6237e97a8328

                SHA512

                52f84956b480bd06914a3615b75ad198a3ce821b0dd88dd30443bf4ea3d406349c95a115c31cb879775bd716563473909d22a8ec34253eca1aa7009845430bc9

                Download Submit
              • C:\Users\Admin\AppData\Local\Temp\MSI84D2.tmp
                Filesize

                929KB

                MD5

                7b28f3f2c070210ee4b1059a6fc6a3a4

                SHA1

                a22cfe1e151e02dbfeb4ce532999e0f70f7ba7a5

                SHA256

                c3151770c17340ee8e5281db2c3f7fc218733781dab474094a31ed046a923f3f

                SHA512

                36ddcc74a254bdb922b9f130d21c83dcc8a1ab2324223a1eab9839b846c8d5abf1bad69498be396b0f6a9a04621e1e6562787144df38901140a6a9c3c89f0ae2

                Download Submit
              • C:\Users\Admin\AppData\Local\Temp\MSI84D2.tmp
                Filesize

                929KB

                MD5

                7b28f3f2c070210ee4b1059a6fc6a3a4

                SHA1

                a22cfe1e151e02dbfeb4ce532999e0f70f7ba7a5

                SHA256

                c3151770c17340ee8e5281db2c3f7fc218733781dab474094a31ed046a923f3f

                SHA512

                36ddcc74a254bdb922b9f130d21c83dcc8a1ab2324223a1eab9839b846c8d5abf1bad69498be396b0f6a9a04621e1e6562787144df38901140a6a9c3c89f0ae2

                Download Submit
              • C:\Users\Admin\AppData\Local\Temp\MSI87FC.tmp
                Filesize

                540KB

                MD5

                dfc682d9f93d6dcd39524f1afcd0e00d

                SHA1

                adb81b1077d14dbe76d9ececfc3e027303075705

                SHA256

                f0f00100e20741444f8a6f5db8cc826515134622c3a82e4f53ba6237e97a8328

                SHA512

                52f84956b480bd06914a3615b75ad198a3ce821b0dd88dd30443bf4ea3d406349c95a115c31cb879775bd716563473909d22a8ec34253eca1aa7009845430bc9

                Download Submit
              • C:\Users\Admin\AppData\Local\Temp\MSI87FC.tmp
                Filesize

                540KB

                MD5

                dfc682d9f93d6dcd39524f1afcd0e00d

                SHA1

                adb81b1077d14dbe76d9ececfc3e027303075705

                SHA256

                f0f00100e20741444f8a6f5db8cc826515134622c3a82e4f53ba6237e97a8328

                SHA512

                52f84956b480bd06914a3615b75ad198a3ce821b0dd88dd30443bf4ea3d406349c95a115c31cb879775bd716563473909d22a8ec34253eca1aa7009845430bc9

                Download Submit
              • C:\Users\Admin\AppData\Local\Temp\MSI887A.tmp
                Filesize

                540KB

                MD5

                dfc682d9f93d6dcd39524f1afcd0e00d

                SHA1

                adb81b1077d14dbe76d9ececfc3e027303075705

                SHA256

                f0f00100e20741444f8a6f5db8cc826515134622c3a82e4f53ba6237e97a8328

                SHA512

                52f84956b480bd06914a3615b75ad198a3ce821b0dd88dd30443bf4ea3d406349c95a115c31cb879775bd716563473909d22a8ec34253eca1aa7009845430bc9

                Download Submit
              • C:\Users\Admin\AppData\Local\Temp\MSI887A.tmp
                Filesize

                540KB

                MD5

                dfc682d9f93d6dcd39524f1afcd0e00d

                SHA1

                adb81b1077d14dbe76d9ececfc3e027303075705

                SHA256

                f0f00100e20741444f8a6f5db8cc826515134622c3a82e4f53ba6237e97a8328

                SHA512

                52f84956b480bd06914a3615b75ad198a3ce821b0dd88dd30443bf4ea3d406349c95a115c31cb879775bd716563473909d22a8ec34253eca1aa7009845430bc9

                Download Submit
              • C:\Users\Admin\AppData\Local\Temp\MSI8927.tmp
                Filesize

                540KB

                MD5

                dfc682d9f93d6dcd39524f1afcd0e00d

                SHA1

                adb81b1077d14dbe76d9ececfc3e027303075705

                SHA256

                f0f00100e20741444f8a6f5db8cc826515134622c3a82e4f53ba6237e97a8328

                SHA512

                52f84956b480bd06914a3615b75ad198a3ce821b0dd88dd30443bf4ea3d406349c95a115c31cb879775bd716563473909d22a8ec34253eca1aa7009845430bc9

                Download Submit
              • C:\Users\Admin\AppData\Local\Temp\MSI8927.tmp
                Filesize

                540KB

                MD5

                dfc682d9f93d6dcd39524f1afcd0e00d

                SHA1

                adb81b1077d14dbe76d9ececfc3e027303075705

                SHA256

                f0f00100e20741444f8a6f5db8cc826515134622c3a82e4f53ba6237e97a8328

                SHA512

                52f84956b480bd06914a3615b75ad198a3ce821b0dd88dd30443bf4ea3d406349c95a115c31cb879775bd716563473909d22a8ec34253eca1aa7009845430bc9

                Download Submit
              • C:\Users\Admin\AppData\Local\Temp\MSI8996.tmp
                Filesize

                540KB

                MD5

                dfc682d9f93d6dcd39524f1afcd0e00d

                SHA1

                adb81b1077d14dbe76d9ececfc3e027303075705

                SHA256

                f0f00100e20741444f8a6f5db8cc826515134622c3a82e4f53ba6237e97a8328

                SHA512

                52f84956b480bd06914a3615b75ad198a3ce821b0dd88dd30443bf4ea3d406349c95a115c31cb879775bd716563473909d22a8ec34253eca1aa7009845430bc9

                Download Submit
              • C:\Users\Admin\AppData\Local\Temp\MSI8996.tmp
                Filesize

                540KB

                MD5

                dfc682d9f93d6dcd39524f1afcd0e00d

                SHA1

                adb81b1077d14dbe76d9ececfc3e027303075705

                SHA256

                f0f00100e20741444f8a6f5db8cc826515134622c3a82e4f53ba6237e97a8328

                SHA512

                52f84956b480bd06914a3615b75ad198a3ce821b0dd88dd30443bf4ea3d406349c95a115c31cb879775bd716563473909d22a8ec34253eca1aa7009845430bc9

                Download Submit
              • C:\Users\Admin\AppData\Local\Temp\MSI8ABF.tmp
                Filesize

                540KB

                MD5

                dfc682d9f93d6dcd39524f1afcd0e00d

                SHA1

                adb81b1077d14dbe76d9ececfc3e027303075705

                SHA256

                f0f00100e20741444f8a6f5db8cc826515134622c3a82e4f53ba6237e97a8328

                SHA512

                52f84956b480bd06914a3615b75ad198a3ce821b0dd88dd30443bf4ea3d406349c95a115c31cb879775bd716563473909d22a8ec34253eca1aa7009845430bc9

                Download Submit
              • C:\Users\Admin\AppData\Local\Temp\MSI8ABF.tmp
                Filesize

                540KB

                MD5

                dfc682d9f93d6dcd39524f1afcd0e00d

                SHA1

                adb81b1077d14dbe76d9ececfc3e027303075705

                SHA256

                f0f00100e20741444f8a6f5db8cc826515134622c3a82e4f53ba6237e97a8328

                SHA512

                52f84956b480bd06914a3615b75ad198a3ce821b0dd88dd30443bf4ea3d406349c95a115c31cb879775bd716563473909d22a8ec34253eca1aa7009845430bc9

                Download Submit
              • C:\Users\Admin\AppData\Local\Temp\MSI8BE9.tmp
                Filesize

                632KB

                MD5

                db4e30e47be69408ccdebffc517764c1

                SHA1

                9ab0db45e9c84670fe8a3181bf38511e8776815f

                SHA256

                3558203b78ee8ea16f1151cc7034ad9fd4850fce0f948aed4231b870ae51904a

                SHA512

                a32ed4fec7e381605e8d0fc463bf65140d5dc7a499aced785b4ef644a5bae1a4dc693ba33be8be46b07ccd049fceef95136a8fd852219ff18293c19da5fed129

                Download Submit
              • C:\Users\Admin\AppData\Local\Temp\MSI8BE9.tmp
                Filesize

                632KB

                MD5

                db4e30e47be69408ccdebffc517764c1

                SHA1

                9ab0db45e9c84670fe8a3181bf38511e8776815f

                SHA256

                3558203b78ee8ea16f1151cc7034ad9fd4850fce0f948aed4231b870ae51904a

                SHA512

                a32ed4fec7e381605e8d0fc463bf65140d5dc7a499aced785b4ef644a5bae1a4dc693ba33be8be46b07ccd049fceef95136a8fd852219ff18293c19da5fed129

                Download Submit
              • C:\Users\Admin\AppData\Local\Temp\MSI8C77.tmp
                Filesize

                929KB

                MD5

                7b28f3f2c070210ee4b1059a6fc6a3a4

                SHA1

                a22cfe1e151e02dbfeb4ce532999e0f70f7ba7a5

                SHA256

                c3151770c17340ee8e5281db2c3f7fc218733781dab474094a31ed046a923f3f

                SHA512

                36ddcc74a254bdb922b9f130d21c83dcc8a1ab2324223a1eab9839b846c8d5abf1bad69498be396b0f6a9a04621e1e6562787144df38901140a6a9c3c89f0ae2

                Download Submit
              • C:\Users\Admin\AppData\Local\Temp\MSI8C77.tmp
                Filesize

                929KB

                MD5

                7b28f3f2c070210ee4b1059a6fc6a3a4

                SHA1

                a22cfe1e151e02dbfeb4ce532999e0f70f7ba7a5

                SHA256

                c3151770c17340ee8e5281db2c3f7fc218733781dab474094a31ed046a923f3f

                SHA512

                36ddcc74a254bdb922b9f130d21c83dcc8a1ab2324223a1eab9839b846c8d5abf1bad69498be396b0f6a9a04621e1e6562787144df38901140a6a9c3c89f0ae2

                Download Submit
              • C:\Users\Admin\AppData\Local\Temp\MSIEC5B.tmp
                Filesize

                632KB

                MD5

                db4e30e47be69408ccdebffc517764c1

                SHA1

                9ab0db45e9c84670fe8a3181bf38511e8776815f

                SHA256

                3558203b78ee8ea16f1151cc7034ad9fd4850fce0f948aed4231b870ae51904a

                SHA512

                a32ed4fec7e381605e8d0fc463bf65140d5dc7a499aced785b4ef644a5bae1a4dc693ba33be8be46b07ccd049fceef95136a8fd852219ff18293c19da5fed129

                Download Submit
              • C:\Users\Admin\AppData\Local\Temp\MSIEC5B.tmp
                Filesize

                632KB

                MD5

                db4e30e47be69408ccdebffc517764c1

                SHA1

                9ab0db45e9c84670fe8a3181bf38511e8776815f

                SHA256

                3558203b78ee8ea16f1151cc7034ad9fd4850fce0f948aed4231b870ae51904a

                SHA512

                a32ed4fec7e381605e8d0fc463bf65140d5dc7a499aced785b4ef644a5bae1a4dc693ba33be8be46b07ccd049fceef95136a8fd852219ff18293c19da5fed129

                Download Submit
              • C:\Users\Admin\AppData\Local\Temp\MSIEC7B.tmp
                Filesize

                632KB

                MD5

                db4e30e47be69408ccdebffc517764c1

                SHA1

                9ab0db45e9c84670fe8a3181bf38511e8776815f

                SHA256

                3558203b78ee8ea16f1151cc7034ad9fd4850fce0f948aed4231b870ae51904a

                SHA512

                a32ed4fec7e381605e8d0fc463bf65140d5dc7a499aced785b4ef644a5bae1a4dc693ba33be8be46b07ccd049fceef95136a8fd852219ff18293c19da5fed129

                Download Submit
              • C:\Users\Admin\AppData\Local\Temp\MSIEC7B.tmp
                Filesize

                632KB

                MD5

                db4e30e47be69408ccdebffc517764c1

                SHA1

                9ab0db45e9c84670fe8a3181bf38511e8776815f

                SHA256

                3558203b78ee8ea16f1151cc7034ad9fd4850fce0f948aed4231b870ae51904a

                SHA512

                a32ed4fec7e381605e8d0fc463bf65140d5dc7a499aced785b4ef644a5bae1a4dc693ba33be8be46b07ccd049fceef95136a8fd852219ff18293c19da5fed129

                Download Submit
              • C:\Users\Admin\AppData\Local\Temp\MSIEC8C.tmp
                Filesize

                632KB

                MD5

                db4e30e47be69408ccdebffc517764c1

                SHA1

                9ab0db45e9c84670fe8a3181bf38511e8776815f

                SHA256

                3558203b78ee8ea16f1151cc7034ad9fd4850fce0f948aed4231b870ae51904a

                SHA512

                a32ed4fec7e381605e8d0fc463bf65140d5dc7a499aced785b4ef644a5bae1a4dc693ba33be8be46b07ccd049fceef95136a8fd852219ff18293c19da5fed129

                Download Submit
              • C:\Users\Admin\AppData\Local\Temp\MSIEC8C.tmp
                Filesize

                632KB

                MD5

                db4e30e47be69408ccdebffc517764c1

                SHA1

                9ab0db45e9c84670fe8a3181bf38511e8776815f

                SHA256

                3558203b78ee8ea16f1151cc7034ad9fd4850fce0f948aed4231b870ae51904a

                SHA512

                a32ed4fec7e381605e8d0fc463bf65140d5dc7a499aced785b4ef644a5bae1a4dc693ba33be8be46b07ccd049fceef95136a8fd852219ff18293c19da5fed129

                Download Submit
              • C:\Users\Admin\AppData\Roaming\Vivi Corporation\Vivi 3.3.2\install\2C62C40\Vivi.exe
                Filesize

                122.5MB

                MD5

                270115cb8571601ccff3b5eccecb066a

                SHA1

                a831b89de23b57d220f103c0cab568ae9efd4f56

                SHA256

                c5a0b0e07c06bfe803b88b734cfdbe7f3b69926eaab0b0e546ede801370db617

                SHA512

                2d9997c69c0ab85a489f22fc76c7513cd138a87fdab1868acd9492019f72c7eb2851914ec425d54a0f1af956e9b931fe0584c63c567eee1617d5ad65b86ef175

                Download Submit
              • C:\Users\Admin\AppData\Roaming\Vivi Corporation\Vivi 3.3.2\install\2C62C40\ViviSetup.x64.msi
                Filesize

                4.1MB

                MD5

                7110ace6bca530005253b57499cc237d

                SHA1

                bfbe93e43843d970639928bde7d15fa02fba6fac

                SHA256

                625ba209ffac90cb578f890245f36d4007fa161d630011c15b078650d2a5426c

                SHA512

                c1d2b6e3cfba7a9b6b1ab078ccadee58cfb3c3e267afce075bd674d553930727c074f1f60d68c500350e3a9a551914776836ad861d33f8ecee8c2f5d43a5bae3

                Download Submit
              • C:\Users\Admin\AppData\Roaming\Vivi Corporation\Vivi 3.3.2\install\2C62C40\d3dcompiler_47.dll
                Filesize

                3.5MB

                MD5

                2f2e363c9a9baa0a9626db374cc4e8a4

                SHA1

                17f405e81e5fce4c5a02ca049f7bd48b31674c8f

                SHA256

                2630f4188bd2ea5451ca61d83869bf7068a4f0440401c949a9feb9fb476e15df

                SHA512

                e668a5d1f5e6f821ebfa0913e201f0dfd8da2f96605701f8db18d14ea4fdeac73aeb9b4fe1f22eaeffcdd1c0f73a6701763727d5b09775666f82b678404e4924

                Download Submit
              • C:\Users\Admin\AppData\Roaming\Vivi Corporation\Vivi 3.3.2\install\2C62C40\extend\ViviDisplaySetup32.exe
                Filesize

                150KB

                MD5

                66ed99c775f95b6da38db150a52c5fe7

                SHA1

                079d566595e2326056cebfcf9e8084d5369e6154

                SHA256

                0494e8965126e8937e199ada453ac209dffec346770492a224900e9ceb47facb

                SHA512

                7e346a31d04161b281a91c646263d387fe6a4a4da9f06cb0a396d03f4ca2e7f5f72532be0c09de7c86b9a75f85e97ec2c711ae6dfc8b909e2b33811c847b0fb5

                Download Submit
              • C:\Users\Admin\AppData\Roaming\Vivi Corporation\Vivi 3.3.2\install\2C62C40\extend\ViviDisplaySetup64.exe
                Filesize

                174KB

                MD5

                493daf56a3043be90d465883b0c41086

                SHA1

                542c56d99344c42e25758bd7e4b984da2ec1e4d6

                SHA256

                f47bf1528f5f80df0f5cdaf4bd5bd0da622fb43fea1b6dc9faf222afc5f1fdda

                SHA512

                2aef6a4d4f27b04fa90f7133003975f67fdbb271b9a0ad0d2300402bbd0cdaffefa37f5ca1207b8550de629d4e0e7f02b0fba3d61518774a6100197d0586ba43

                Download Submit
              • C:\Users\Admin\AppData\Roaming\Vivi Corporation\Vivi 3.3.2\install\2C62C40\extend\amd64\ViviDisplayDriver1_0.dll
                Filesize

                117KB

                MD5

                947ce2b79459e22a185c9a796cf02fc4

                SHA1

                73f23d91aab6a1e49d4d7020abe727996c297cf7

                SHA256

                e88028726bd247263a9a2976bd340455bc2a2bca18b36cbf71834e7aa8a0e506

                SHA512

                e405f9cc51a5117d3dbf24cb7fd60da2f7d0db18078e7ec1837cb7d3a2ca46cc6f315d5154bbf8057a3e49eaa1ca522138c9d1a2b2d301516079265b0d477224

                Download Submit
              • C:\Users\Admin\AppData\Roaming\Vivi Corporation\Vivi 3.3.2\install\2C62C40\extend\amd64\ViviDisplayDriver1_2.dll
                Filesize

                117KB

                MD5

                c0285d968d2a9d1acef1a0b4bd06a22c

                SHA1

                946de4945a94d7ecb3bb3fa4a0cd4c8db61c88e6

                SHA256

                55f6953c4c884bc0974762e798e7d6a306caf02193852673490ecb0936fd13d9

                SHA512

                e8f260365121d952925f4d6e5e2002aef3665c4cea827b910335f441d62454075e4ead3a67120fd272dc393a5b944c8058ac5f3ccb7c99716730659825d34681

                Download Submit
              • C:\Users\Admin\AppData\Roaming\Vivi Corporation\Vivi 3.3.2\install\2C62C40\extend\x86\ViviDisplayDriver1_0.dll
                Filesize

                99KB

                MD5

                7916cb0a165eb16afb32710e4b3e510a

                SHA1

                aa0001e9bd67ad5b7fef107c8c626f8aef04e110

                SHA256

                b72c50ca18f7258aaf93fed6abea3ef2aa5379f36ac90c8952c1c127c75ccd48

                SHA512

                0885db1cdbab2a7fd9231750eb8bb5f6711695cfef7940045dab28eb1aabf8529699f3a2a0dba899bd5680ce28b1159c19c88e9a29ccdd3ade312b58c2c92077

                Download Submit
              • C:\Users\Admin\AppData\Roaming\Vivi Corporation\Vivi 3.3.2\install\2C62C40\extend\x86\ViviDisplayDriver1_2.dll
                Filesize

                99KB

                MD5

                a2d455b16a69853523d1a08ebfacf455

                SHA1

                116f83f6b12896ca6ab3723299b6541158b76e91

                SHA256

                94852c7c9b106cffebde89bd5e65361e0fab219b727095d57fbe982f666d0e21

                SHA512

                c2b150e954e30bcc7559b69979d85c04982083171474e4ea042cd5190c8ccc5ad06f56337a35d998fc8387d85eb2e5412f172a46781a961fb586b631cad983e3

                Download Submit
              • C:\Users\Admin\AppData\Roaming\Vivi Corporation\Vivi 3.3.2\install\2C62C40\ffmpeg.dll
                Filesize

                2.5MB

                MD5

                d3ffc36ddd21357320e256314ba0bbed

                SHA1

                b0aa24771ccea0ffec089cd7aa5a6a2f2203c1f0

                SHA256

                226b591f952480fda136a0831800417339d5b5786d865278707fd57bc6e099da

                SHA512

                bf193b2244f18521e8fc548308a64b3018d0838c0664a7620c3c55a100032af8399ad8ba7a6b9d301bd01ac3bb72c8f2d32f516d8296829dbd710fdff8823b1a

                Download Submit
              • C:\Users\Admin\AppData\Roaming\Vivi Corporation\Vivi 3.3.2\install\2C62C40\resources\app.asar.unpacked\build\Release\broadcast.node
                Filesize

                4.2MB

                MD5

                c81057a9c8f03db308aba08d137093af

                SHA1

                61679092dac1f1c50ff4b63159e30e2d8e235060

                SHA256

                e8fd055bdaf3c2260b27aa7f0d8e3c62b8ec4008960d496cc7f1b9f16c0f0c9b

                SHA512

                fe4345acefc1a2817dc6c019a27c75994d030c15fbcd2d9ed4eb8d73c43e682226b4263370269095e12ccc5ab79b4ae53ce5c7ea8fb8a2e2a90f6876bcf8a012

                Download Submit
              • C:\Users\Admin\AppData\Roaming\Vivi Corporation\Vivi 3.3.2\install\2C62C40\resources\app.asar.unpacked\build\Release\bz2.dll
                Filesize

                52KB

                MD5

                c9fc651b66aa706643b8b790b6c3ae54

                SHA1

                c33747fa63cc59125fee55f86bf80c5bc5fc58c4

                SHA256

                05fb0fe16c8e2a72c096b75aaff4af2f721f0483cf9a85243e2391ee997b756f

                SHA512

                2f6abac3a3f7ee5d51b6ff2b8bd9e9f2941f8ef7cdd0b3ac67bee95b93a8169823e03f858cbb836e49c6fcb3c165f0ee53bae98d43d5ce1bd3a428cdc544c0a3

                Download Submit
              • C:\Users\Admin\AppData\Roaming\Vivi Corporation\Vivi 3.3.2\install\2C62C40\resources\app.asar.unpacked\build\Release\ffi-7.dll
                Filesize

                23KB

                MD5

                b27705bc1159480f7e0f98246e942cff

                SHA1

                4c5dee0a5e6b3b0be621123e2bdf4d38f5405250

                SHA256

                c8590b4a1a6342e0d91db93df4d85031f16d98d6567679a4857f1bab9a55f10a

                SHA512

                cfdcfae8bf2fd2bbae0a5d6aca1bccff5f1a0c2d20e05c41752d7defd71526dedb2b8c021da29cd44cba43540038909c86ce63e4868ccab5adb11491f647d204

                Download Submit
              • C:\Users\Admin\AppData\Roaming\Vivi Corporation\Vivi 3.3.2\install\2C62C40\resources\app.asar.unpacked\build\Release\fribidi-0.dll
                Filesize

                112KB

                MD5

                0ba55cf64e6008dbda3a80f58691c49b

                SHA1

                a96721263db2349276fd73e963cc02d9668b8afc

                SHA256

                596c3826177f054343ddb4b102f2c4f9877cc3b819d40b9efa9def8464f4ac99

                SHA512

                18826693f08965186b680636d5aaf0feb4ec7028a5a20c12837897c77bfc7126c6af859840d91da375c15c23742a8d5b9af664880b238eade3d3828268111640

                Download Submit
              • C:\Users\Admin\AppData\Roaming\Vivi Corporation\Vivi 3.3.2\install\2C62C40\resources\app.asar.unpacked\build\Release\gdk_pixbuf-2.0-0.dll
                Filesize

                202KB

                MD5

                96bc7cccd5789ae31deced5a31d96555

                SHA1

                481d3c5802403ba0d008d9da29795c2d0217dc6f

                SHA256

                bd80e15d01fa6ea5a299e5539686c1b670b2e810db692daac1d064196706af26

                SHA512

                6cf566860fc160570fd97b085c6a6ae7258bcdd31dab0fefd2be97ccee265c1f6780530891b8585bdaf933c385bcdddfa4fb59635cb7767dd6f56a730e719061

                Download Submit
              • C:\Users\Admin\AppData\Roaming\Vivi Corporation\Vivi 3.3.2\install\2C62C40\resources\app.asar.unpacked\build\Release\gio-2.0-0.dll
                Filesize

                1.0MB

                MD5

                3e6a61d1cd9e5c32c302d2d97c4ade4e

                SHA1

                27c30d4fb5dfbac1874345abafefc8cb95df9251

                SHA256

                a3b60dfb17cfb05306028460bfd16042f408b3aa2b3b1d5d8fa9b3c07ecbdbd9

                SHA512

                8ce7094ae074f09ab87f4b6f678d172eef82b1ff60a2adbe7ace28f7f6bb17e472583682439189f5950427545053e68601c11e99dbdb5086e8cc8d45fab3537c

                Download Submit
              • C:\Users\Admin\AppData\Roaming\Vivi Corporation\Vivi 3.3.2\install\2C62C40\resources\app.asar.unpacked\build\Release\glib-2.0-0.dll
                Filesize

                1.1MB

                MD5

                ca5f881510a620107365ec57452d2043

                SHA1

                579aa54652286d70b472709f31099d20e3f5f547

                SHA256

                f0fcf084aa25f7e4cb171acaedb6226ecb9ba09326cb327714bb750af584a368

                SHA512

                a7580c6f7ba1ba20fd119c4f619777bf8b83e591cf7522eb69e90fecdaee188d7dc3c6534d1a48e427066579bbaf2466c7cfa1cfc786c56298c45f8184a5ff6a

                Download Submit
              • C:\Users\Admin\AppData\Roaming\Vivi Corporation\Vivi 3.3.2\install\2C62C40\resources\app.asar.unpacked\build\Release\gmodule-2.0-0.dll
                Filesize

                16KB

                MD5

                8428ec07e5b7bed384196c07355ed4bf

                SHA1

                30f764828941d0c6cf7efdf838e92ab43a149384

                SHA256

                d42dde5765ffd90ee40324b3adc4a83e722dabfce60f52884e5f349e147da760

                SHA512

                16a344ae72e7d545e52b7bf46008f5a956a5fb67906ca7891342e85b752f8dbefdfc9fe26bf0987e5a5b71280b606cacf2721c8ce9aa6017ebe19018626f1d09

                Download Submit
              • C:\Users\Admin\AppData\Roaming\Vivi Corporation\Vivi 3.3.2\install\2C62C40\resources\app.asar.unpacked\build\Release\gobject-2.0-0.dll
                Filesize

                227KB

                MD5

                d27acccfdb8736f037656738f49259ce

                SHA1

                641a3bce6b5a54e158879326c9870ad4aae31327

                SHA256

                d764a740269f96b06ca5d7cce3c2b0a5321ac79ec0a24cba20c471cffc9fefdc

                SHA512

                5a2806debe451380664b9c3b65599759041d3085362bb75c70d8d02c196f152beb6a6e3b1d529a994004962525675ba20e8ad619bbd5c22c65c4859cc82b4d0e

                Download Submit
              • C:\Users\Admin\AppData\Roaming\Vivi Corporation\Vivi 3.3.2\install\2C62C40\resources\app.asar.unpacked\build\Release\gstaudio-1.0-0.dll
                Filesize

                406KB

                MD5

                185362cfea8af82ea7b2e8db963acfe8

                SHA1

                efae0d5cbde6cb7c5bb2d503ddad69f399ca9e6c

                SHA256

                607ec3791c547199f205c3a3e185c18a6a4e03437cbc890ae6f54ffa0398e80b

                SHA512

                4948443e2a227e21943626ebbbf3dd4c9fccf984d666ef65b8d78c717e21194c6c92952e85db3e2074c581535b058625947f692c1f37ef406cb468de8fbc89b4

                Download Submit
              • C:\Users\Admin\AppData\Roaming\Vivi Corporation\Vivi 3.3.2\install\2C62C40\resources\app.asar.unpacked\node_modules\@abandonware\bluetooth-hci-socket\build\Release\bluetooth_hci_socket.node
                Filesize

                412KB

                MD5

                1a9b739048e3a3a4bdd58f4ef0388abd

                SHA1

                70217170179a23198c8bc1c482b17eabe7a51f99

                SHA256

                f2816f28899bd75e2882dc1b975026dc19f895f586671a90300fae62893d1117

                SHA512

                e8dbef13e1b774b8949c281f89f4530f8de229ac1f10dfea3b182361e3f49e50b73638639af2222aa9db8d557c04c39084aba1f6889bf6e274c39f3486974f81

                Download Submit
              • C:\Users\Admin\AppData\Roaming\Vivi Corporation\Vivi 3.3.2\install\2C62C40\resources\app.asar.unpacked\node_modules\@abandonware\bluetooth-hci-socket\lib\binding\bluetooth_hci_socket.node
                Filesize

                412KB

                MD5

                1a9b739048e3a3a4bdd58f4ef0388abd

                SHA1

                70217170179a23198c8bc1c482b17eabe7a51f99

                SHA256

                f2816f28899bd75e2882dc1b975026dc19f895f586671a90300fae62893d1117

                SHA512

                e8dbef13e1b774b8949c281f89f4530f8de229ac1f10dfea3b182361e3f49e50b73638639af2222aa9db8d557c04c39084aba1f6889bf6e274c39f3486974f81

                Download Submit
              • C:\Users\Admin\AppData\Roaming\Vivi Corporation\Vivi 3.3.2\install\2C62C40\resources\app.asar.unpacked\node_modules\noble-winrt\prebuilt\BLEServer.exe
                Filesize

                431KB

                MD5

                85ee2865815e88f879384f76611e4184

                SHA1

                8ade2ce698a923fa8319efe9336c14ce50a25710

                SHA256

                b930384becf0239a83b3a00853aae64c1354c26019ad131386823e403de326c7

                SHA512

                0cf47c866e7f5d597e830f7f8253ad56a09fbefdea7f6ef04969a5da8903a8205dccfb5540356010b77bfd1f48da28c2ecbeb43922be1f353d725f272776640b

                Download Submit
              • C:\Users\Admin\AppData\Roaming\Vivi Corporation\Vivi 3.3.2\install\decoder.dll
                Filesize

                206KB

                MD5

                40cea5eb829c3ba2e30ea635006cfeb2

                SHA1

                6710dfb83c99790ef0f5853c42a08ec09a2111ea

                SHA256

                1d757c73a19dcc9c36578be99c50624f937aca3ff0cfa82bece6aadbc633f4a7

                SHA512

                b7a003b14a2680696e7e9f178a345ebbafd7b4f818b8ce3eb681a13c2fb84c0bbb877158114c8c79de396533a2a491b9ee90d9fc434d0c3ff7ccaddbbeedfaa6

                Download Submit
              • C:\Users\Admin\AppData\Roaming\Vivi Corporation\Vivi 3.3.2\install\decoder.dll
                Filesize

                206KB

                MD5

                40cea5eb829c3ba2e30ea635006cfeb2

                SHA1

                6710dfb83c99790ef0f5853c42a08ec09a2111ea

                SHA256

                1d757c73a19dcc9c36578be99c50624f937aca3ff0cfa82bece6aadbc633f4a7

                SHA512

                b7a003b14a2680696e7e9f178a345ebbafd7b4f818b8ce3eb681a13c2fb84c0bbb877158114c8c79de396533a2a491b9ee90d9fc434d0c3ff7ccaddbbeedfaa6

                Download Submit
              • C:\Users\Admin\AppData\Roaming\Vivi Corporation\Vivi 3.3.2\install\decoder.dll
                Filesize

                206KB

                MD5

                40cea5eb829c3ba2e30ea635006cfeb2

                SHA1

                6710dfb83c99790ef0f5853c42a08ec09a2111ea

                SHA256

                1d757c73a19dcc9c36578be99c50624f937aca3ff0cfa82bece6aadbc633f4a7

                SHA512

                b7a003b14a2680696e7e9f178a345ebbafd7b4f818b8ce3eb681a13c2fb84c0bbb877158114c8c79de396533a2a491b9ee90d9fc434d0c3ff7ccaddbbeedfaa6

                Download Submit
              • C:\Windows\Installer\MSIE71F.tmp
                Filesize

                540KB

                MD5

                dfc682d9f93d6dcd39524f1afcd0e00d

                SHA1

                adb81b1077d14dbe76d9ececfc3e027303075705

                SHA256

                f0f00100e20741444f8a6f5db8cc826515134622c3a82e4f53ba6237e97a8328

                SHA512

                52f84956b480bd06914a3615b75ad198a3ce821b0dd88dd30443bf4ea3d406349c95a115c31cb879775bd716563473909d22a8ec34253eca1aa7009845430bc9

                Download Submit
              • C:\Windows\Installer\MSIE71F.tmp
                Filesize

                540KB

                MD5

                dfc682d9f93d6dcd39524f1afcd0e00d

                SHA1

                adb81b1077d14dbe76d9ececfc3e027303075705

                SHA256

                f0f00100e20741444f8a6f5db8cc826515134622c3a82e4f53ba6237e97a8328

                SHA512

                52f84956b480bd06914a3615b75ad198a3ce821b0dd88dd30443bf4ea3d406349c95a115c31cb879775bd716563473909d22a8ec34253eca1aa7009845430bc9

                Download Submit
              • C:\Windows\Installer\MSIE81A.tmp
                Filesize

                540KB

                MD5

                dfc682d9f93d6dcd39524f1afcd0e00d

                SHA1

                adb81b1077d14dbe76d9ececfc3e027303075705

                SHA256

                f0f00100e20741444f8a6f5db8cc826515134622c3a82e4f53ba6237e97a8328

                SHA512

                52f84956b480bd06914a3615b75ad198a3ce821b0dd88dd30443bf4ea3d406349c95a115c31cb879775bd716563473909d22a8ec34253eca1aa7009845430bc9

                Download Submit
              • C:\Windows\Installer\MSIE81A.tmp
                Filesize

                540KB

                MD5

                dfc682d9f93d6dcd39524f1afcd0e00d

                SHA1

                adb81b1077d14dbe76d9ececfc3e027303075705

                SHA256

                f0f00100e20741444f8a6f5db8cc826515134622c3a82e4f53ba6237e97a8328

                SHA512

                52f84956b480bd06914a3615b75ad198a3ce821b0dd88dd30443bf4ea3d406349c95a115c31cb879775bd716563473909d22a8ec34253eca1aa7009845430bc9

                Download Submit
              • C:\Windows\Installer\MSIE898.tmp
                Filesize

                540KB

                MD5

                dfc682d9f93d6dcd39524f1afcd0e00d

                SHA1

                adb81b1077d14dbe76d9ececfc3e027303075705

                SHA256

                f0f00100e20741444f8a6f5db8cc826515134622c3a82e4f53ba6237e97a8328

                SHA512

                52f84956b480bd06914a3615b75ad198a3ce821b0dd88dd30443bf4ea3d406349c95a115c31cb879775bd716563473909d22a8ec34253eca1aa7009845430bc9

                Download Submit
              • C:\Windows\Installer\MSIE898.tmp
                Filesize

                540KB

                MD5

                dfc682d9f93d6dcd39524f1afcd0e00d

                SHA1

                adb81b1077d14dbe76d9ececfc3e027303075705

                SHA256

                f0f00100e20741444f8a6f5db8cc826515134622c3a82e4f53ba6237e97a8328

                SHA512

                52f84956b480bd06914a3615b75ad198a3ce821b0dd88dd30443bf4ea3d406349c95a115c31cb879775bd716563473909d22a8ec34253eca1aa7009845430bc9

                Download Submit
              • C:\Windows\Installer\MSIE906.tmp
                Filesize

                632KB

                MD5

                db4e30e47be69408ccdebffc517764c1

                SHA1

                9ab0db45e9c84670fe8a3181bf38511e8776815f

                SHA256

                3558203b78ee8ea16f1151cc7034ad9fd4850fce0f948aed4231b870ae51904a

                SHA512

                a32ed4fec7e381605e8d0fc463bf65140d5dc7a499aced785b4ef644a5bae1a4dc693ba33be8be46b07ccd049fceef95136a8fd852219ff18293c19da5fed129

                Download Submit
              • C:\Windows\Installer\MSIE906.tmp
                Filesize

                632KB

                MD5

                db4e30e47be69408ccdebffc517764c1

                SHA1

                9ab0db45e9c84670fe8a3181bf38511e8776815f

                SHA256

                3558203b78ee8ea16f1151cc7034ad9fd4850fce0f948aed4231b870ae51904a

                SHA512

                a32ed4fec7e381605e8d0fc463bf65140d5dc7a499aced785b4ef644a5bae1a4dc693ba33be8be46b07ccd049fceef95136a8fd852219ff18293c19da5fed129

                Download Submit
              • C:\Windows\Installer\MSIE9B3.tmp
                Filesize

                632KB

                MD5

                db4e30e47be69408ccdebffc517764c1

                SHA1

                9ab0db45e9c84670fe8a3181bf38511e8776815f

                SHA256

                3558203b78ee8ea16f1151cc7034ad9fd4850fce0f948aed4231b870ae51904a

                SHA512

                a32ed4fec7e381605e8d0fc463bf65140d5dc7a499aced785b4ef644a5bae1a4dc693ba33be8be46b07ccd049fceef95136a8fd852219ff18293c19da5fed129

                Download Submit
              • C:\Windows\Installer\MSIE9B3.tmp
                Filesize

                632KB

                MD5

                db4e30e47be69408ccdebffc517764c1

                SHA1

                9ab0db45e9c84670fe8a3181bf38511e8776815f

                SHA256

                3558203b78ee8ea16f1151cc7034ad9fd4850fce0f948aed4231b870ae51904a

                SHA512

                a32ed4fec7e381605e8d0fc463bf65140d5dc7a499aced785b4ef644a5bae1a4dc693ba33be8be46b07ccd049fceef95136a8fd852219ff18293c19da5fed129

                Download Submit
              • C:\Windows\Installer\MSIEA22.tmp
                Filesize

                632KB

                MD5

                db4e30e47be69408ccdebffc517764c1

                SHA1

                9ab0db45e9c84670fe8a3181bf38511e8776815f

                SHA256

                3558203b78ee8ea16f1151cc7034ad9fd4850fce0f948aed4231b870ae51904a

                SHA512

                a32ed4fec7e381605e8d0fc463bf65140d5dc7a499aced785b4ef644a5bae1a4dc693ba33be8be46b07ccd049fceef95136a8fd852219ff18293c19da5fed129

                Download Submit
              • C:\Windows\Installer\MSIEA22.tmp
                Filesize

                632KB

                MD5

                db4e30e47be69408ccdebffc517764c1

                SHA1

                9ab0db45e9c84670fe8a3181bf38511e8776815f

                SHA256

                3558203b78ee8ea16f1151cc7034ad9fd4850fce0f948aed4231b870ae51904a

                SHA512

                a32ed4fec7e381605e8d0fc463bf65140d5dc7a499aced785b4ef644a5bae1a4dc693ba33be8be46b07ccd049fceef95136a8fd852219ff18293c19da5fed129

                Download Submit
              • \??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2
                Filesize

                23.0MB

                MD5

                fc991045e9d680a32bb77889223966c3

                SHA1

                87ab6d60d133d6d8a72c2fb25a62696d0da7de69

                SHA256

                b31dff1758fbc836837e9a4e1c4a36c847dd55c72ce3a9955a7cea3c1b34e3f9

                SHA512

                92620c124c064ce4daabdba3a77e7ce1ee4b8e3c922f90727bd5c4f406e5c066d5e0d5ca3c2340f1b5064dace27bb1d5a83cea80a7d06ed2f4aeec8aa5e948d8

                Download Submit
              • \??\Volume{06969d78-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{1084ca5a-0672-41a4-9f48-dd194f811900}_OnDiskSnapshotProp
                Filesize

                5KB

                MD5

                1fb3ed9bf4536783d8aa78813f75d764

                SHA1

                6564f43e1a03a6c29efd439da2ab9810c2a70f16

                SHA256

                949f2703802a34187c6cbacdd41332284c2264f8947a3501743fc13614a4f15a

                SHA512

                6166fb25507297953a90bef0e27738a7ca7a5ba5d7f0d03a16ba8aa24e82e6317be000a7cb1a7ec29825a5dd17602c39d27bfed2c8ba860387ab01c2b67e4aef

                Download Submit
              • memory/224-227-0x0000000000000000-mapping.dmp
                Download
              • memory/968-213-0x0000000000000000-mapping.dmp
                Download
              • memory/1000-212-0x0000000000000000-mapping.dmp
                Download
              • memory/1320-215-0x0000000140000000-0x000000014153D000-memory.dmp
                Filesize

                21.2MB

                Download
              • memory/1320-211-0x0000000140000000-0x000000014153D000-memory.dmp
                Filesize

                21.2MB

                Download
              • memory/1320-210-0x0000000000000000-mapping.dmp
                Download
              • memory/1584-203-0x0000000000000000-mapping.dmp
                Download
              • memory/1720-224-0x0000000000000000-mapping.dmp
                Download
              • memory/1736-209-0x0000000000000000-mapping.dmp
                Download
              • memory/1796-134-0x0000000000000000-mapping.dmp
                Download
              • memory/1848-230-0x0000000000000000-mapping.dmp
                Download
              • memory/1908-255-0x0000000073DD0000-0x0000000074124000-memory.dmp
                Filesize

                3.3MB

                Download
              • memory/1908-253-0x0000000000000000-mapping.dmp
                Download
              • memory/1908-254-0x0000000074990000-0x00000000749DC000-memory.dmp
                Filesize

                304KB

                Download
              • memory/2036-204-0x0000000000000000-mapping.dmp
                Download
              • memory/2688-214-0x0000000000000000-mapping.dmp
                Download
              • memory/2836-234-0x0000000000000000-mapping.dmp
                Download
              • memory/3044-139-0x0000000000000000-mapping.dmp
                Download
              • memory/3060-220-0x0000000140000000-0x000000014153D000-memory.dmp
                Filesize

                21.2MB

                Download
              • memory/3060-218-0x0000000140000000-0x000000014153D000-memory.dmp
                Filesize

                21.2MB

                Download
              • memory/3092-251-0x0000000074990000-0x00000000749DC000-memory.dmp
                Filesize

                304KB

                Download
              • memory/3092-252-0x000000006C6C0000-0x000000006CA14000-memory.dmp
                Filesize

                3.3MB

                Download
              • memory/3092-250-0x0000000000000000-mapping.dmp
                Download
              • memory/3112-256-0x0000000000000000-mapping.dmp
                Download
              • memory/3124-163-0x0000000000000000-mapping.dmp
                Download
              • memory/3212-207-0x0000000000000000-mapping.dmp
                Download
              • memory/3480-208-0x0000000000000000-mapping.dmp
                Download
              • memory/3836-206-0x0000000000000000-mapping.dmp
                Download
              • memory/4072-235-0x0000000005350000-0x0000000005386000-memory.dmp
                Filesize

                216KB

                Download
              • memory/4072-241-0x0000000006CD0000-0x0000000006D02000-memory.dmp
                Filesize

                200KB

                Download
              • memory/4072-244-0x0000000008050000-0x00000000086CA000-memory.dmp
                Filesize

                6.5MB

                Download
              • memory/4072-233-0x0000000000000000-mapping.dmp
                Download
              • memory/4072-245-0x0000000007A10000-0x0000000007A2A000-memory.dmp
                Filesize

                104KB

                Download
              • memory/4072-249-0x000000006C6C0000-0x000000006CA14000-memory.dmp
                Filesize

                3.3MB

                Download
              • memory/4072-236-0x0000000005AA0000-0x00000000060C8000-memory.dmp
                Filesize

                6.2MB

                Download
              • memory/4072-237-0x0000000005870000-0x0000000005892000-memory.dmp
                Filesize

                136KB

                Download
              • memory/4072-238-0x0000000005A10000-0x0000000005A76000-memory.dmp
                Filesize

                408KB

                Download
              • memory/4072-239-0x0000000006140000-0x00000000061A6000-memory.dmp
                Filesize

                408KB

                Download
              • memory/4072-240-0x00000000060D0000-0x00000000060EE000-memory.dmp
                Filesize

                120KB

                Download
              • memory/4072-248-0x0000000007C40000-0x0000000007C64000-memory.dmp
                Filesize

                144KB

                Download
              • memory/4072-242-0x0000000074990000-0x00000000749DC000-memory.dmp
                Filesize

                304KB

                Download
              • memory/4072-243-0x0000000006CB0000-0x0000000006CCE000-memory.dmp
                Filesize

                120KB

                Download
              • memory/4072-247-0x0000000007C10000-0x0000000007C3A000-memory.dmp
                Filesize

                168KB

                Download
              • memory/4072-246-0x00000000069C0000-0x00000000069CA000-memory.dmp
                Filesize

                40KB

                Download
              • memory/4192-232-0x0000000000000000-mapping.dmp
                Download
              • memory/4196-216-0x0000000000000000-mapping.dmp
                Download
              • memory/4196-217-0x0000000140000000-0x000000014153D000-memory.dmp
                Filesize

                21.2MB

                Download
              • memory/4196-219-0x0000000140000000-0x000000014153D000-memory.dmp
                Filesize

                21.2MB

                Download
              • memory/4524-201-0x0000000000000000-mapping.dmp
                Download
              • memory/4536-162-0x0000000000000000-mapping.dmp
                Download
              • memory/4548-222-0x0000000000000000-mapping.dmp
                Download
              • memory/4620-263-0x000000000E690000-0x000000000E932000-memory.dmp
                Filesize

                2.6MB

                Download
              • memory/4620-257-0x000000000D810000-0x000000000DFE2000-memory.dmp
                Filesize

                7.8MB

                Download
              • memory/4620-260-0x000000000E5A0000-0x000000000E690000-memory.dmp
                Filesize

                960KB

                Download
              • memory/4620-259-0x000000000DFF0000-0x000000000E598000-memory.dmp
                Filesize

                5.7MB

                Download
              • memory/4620-225-0x0000000000000000-mapping.dmp
                Download
              • memory/4848-205-0x0000000000000000-mapping.dmp
                Download
              • memory/5020-141-0x0000000000000000-mapping.dmp
                Download
              • memory/5092-202-0x0000000000000000-mapping.dmp
                Download