524d6f5b09f12f6040a63b6cfe9236e76d09e850ea80312f58f66b076fd9dfb3

Analysis

max time kernel
70s
max time network
66s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
23-03-2023 19:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MovaviScreenRecorderSetupC_Wphhzpm_.exe
Size

46.2MB
MD5

343a610f18d61637c8b1cb5d17ca0c9b
SHA1

d7895871e082cea1104266c9956c000d6b4e6f17
SHA256

524d6f5b09f12f6040a63b6cfe9236e76d09e850ea80312f58f66b076fd9dfb3
SHA512

149290e6838bbc1bf2fd176ff4b7e8b1e09fb11192c188fa025132475a7973d13276601de34c363eb29d96b28754f5a32f1d45a2bfe9382ae04d8789f24fec1c
SSDEEP

786432:nrXrcYApXFBkbAdw4cgcYANJ1/Vvvs3EY/z3s/ZPv7GTR5zahiVGyg1td7AltWR5:nrbK1AxTgcYm59vs1/Dst7GbcaFGVA6P

Score

9^/10

bootkit discovery evasion persistence trojan

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 2 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

Processes:

InstallerGUI.exeScreenRecorder.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	InstallerGUI.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	ScreenRecorder.exe

Checks BIOS information in registry 2 TTPs 4 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

InstallerGUI.exeScreenRecorder.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	InstallerGUI.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	InstallerGUI.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	ScreenRecorder.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	ScreenRecorder.exe

Executes dropped EXE 9 IoCs

Processes:

InstallerGUI.exeMovaviStatistics.exeMovaviStatistics.exeMovaviStatistics.exeMovaviStatistics.exeMovaviStatistics.exeScreenRecorder.exeMovaviStatistics.execrashpad_handler.exe

pid	process
1180	InstallerGUI.exe
1976	MovaviStatistics.exe
856	MovaviStatistics.exe
684	MovaviStatistics.exe
1988	MovaviStatistics.exe
1948	MovaviStatistics.exe
864	ScreenRecorder.exe
628	MovaviStatistics.exe
1564	crashpad_handler.exe

Identifies Wine through registry keys 2 TTPs 2 IoCs

Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

Processes:

InstallerGUI.exeScreenRecorder.exe

description	ioc	process
Key opened	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Wine	InstallerGUI.exe
Key opened	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Wine	ScreenRecorder.exe

Loads dropped DLL 64 IoCs

Processes:

MovaviScreenRecorderSetupC_Wphhzpm_.exeInstallerGUI.exe

pid	process
1196	MovaviScreenRecorderSetupC_Wphhzpm_.exe
1180	InstallerGUI.exe
1180	InstallerGUI.exe
1180	InstallerGUI.exe
1180	InstallerGUI.exe
1180	InstallerGUI.exe
1180	InstallerGUI.exe
1180	InstallerGUI.exe
1180	InstallerGUI.exe
1180	InstallerGUI.exe
1180	InstallerGUI.exe
1180	InstallerGUI.exe
1180	InstallerGUI.exe
1180	InstallerGUI.exe
1180	InstallerGUI.exe
1180	InstallerGUI.exe
1180	InstallerGUI.exe
1180	InstallerGUI.exe
1180	InstallerGUI.exe
1180	InstallerGUI.exe
1180	InstallerGUI.exe
1180	InstallerGUI.exe
1180	InstallerGUI.exe
1180	InstallerGUI.exe
1180	InstallerGUI.exe
1180	InstallerGUI.exe
1180	InstallerGUI.exe
1180	InstallerGUI.exe
1180	InstallerGUI.exe
1180	InstallerGUI.exe
1180	InstallerGUI.exe
1180	InstallerGUI.exe
1180	InstallerGUI.exe
1180	InstallerGUI.exe
1180	InstallerGUI.exe
1180	InstallerGUI.exe
1180	InstallerGUI.exe
1180	InstallerGUI.exe
1180	InstallerGUI.exe
1180	InstallerGUI.exe
1180	InstallerGUI.exe
1180	InstallerGUI.exe
1180	InstallerGUI.exe
1180	InstallerGUI.exe
1180	InstallerGUI.exe
1180	InstallerGUI.exe
1180	InstallerGUI.exe
1180	InstallerGUI.exe
1180	InstallerGUI.exe
1180	InstallerGUI.exe
1180	InstallerGUI.exe
1180	InstallerGUI.exe
1180	InstallerGUI.exe
1180	InstallerGUI.exe
1180	InstallerGUI.exe
1180	InstallerGUI.exe
1180	InstallerGUI.exe
1180	InstallerGUI.exe
1180	InstallerGUI.exe
1180	InstallerGUI.exe
1180	InstallerGUI.exe
1180	InstallerGUI.exe
1180	InstallerGUI.exe
1180	InstallerGUI.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 2 IoCs

evasion trojan

System Information Discovery

T1082

Processes:

InstallerGUI.exeScreenRecorder.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	InstallerGUI.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	ScreenRecorder.exe

Writes to the Master Boot Record (MBR) 1 TTPs 2 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1067

Processes:

InstallerGUI.exeScreenRecorder.exe

description ioc process

File opened for modification \??\PhysicalDrive0 InstallerGUI.exe
File opened for modification \??\PhysicalDrive0 ScreenRecorder.exe
Suspicious use of NtSetInformationThreadHideFromDebugger 3 IoCs

Processes:

InstallerGUI.exeScreenRecorder.exe

pid process

1180 InstallerGUI.exe
864 ScreenRecorder.exe
864 ScreenRecorder.exe
Drops file in Windows directory 1 IoCs

Processes:

InstallerGUI.exe

description ioc process

File opened for modification C:\Windows\install09299.log InstallerGUI.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

description	ioc	process
File opened for modification	\??\PhysicalDrive0	InstallerGUI.exe
File opened for modification	\??\PhysicalDrive0	ScreenRecorder.exe

description	ioc	process
File opened for modification	C:\Windows\install09299.log	InstallerGUI.exe

Modifies registry class 26 IoCs

Processes:

InstallerGUI.exeScreenRecorder.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\screenrecorder\shell\open	InstallerGUI.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D14533E0-82A4-CE33-7E2E-34B1CC93}\ProdID = 746f175fa64c00ec90a11b328202fbbe	ScreenRecorder.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{15F0E54A-88F4-8B79-0D39-EE8ADEA8}	ScreenRecorder.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B6C5A016-A8C1-2BEA-18E9-86186C45}\ProdID = 317125d6e04ff8931028f847bdf4da01	InstallerGUI.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D14533E0-82A4-CE33-7E2E-34B1CC93}\ProdID = 94ee0dab448bfe6bacdf0108dc790ac7	InstallerGUI.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\MuiCache	InstallerGUI.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\screenrecorder\URL Protocol	InstallerGUI.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{15F0E54A-88F4-8B79-0D39-EE8ADEA8}\ProdID = ee8523e68cf42d84729925e2f6c7d377	ScreenRecorder.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{478F92A4-548C-55A6-D94E-18382762}\ProdID = 982d931c1228e66b081407367af14d84	InstallerGUI.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D14533E0-82A4-CE33-7E2E-34B1CC93}\ProdID = 68328d244a97fd1be8d3fc778a4e088f	InstallerGUI.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{15F0E54A-88F4-8B79-0D39-EE8ADEA8}\ProdID = 70651dead65200a4aca70552fa0ec76b	InstallerGUI.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\screenrecorder\shell	InstallerGUI.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\screenrecorder\shell\open\command	InstallerGUI.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\screenrecorder\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Movavi Screen Recorder 23\\MovaviLinkHelper.exe\" \"%1\""	InstallerGUI.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D14533E0-82A4-CE33-7E2E-34B1CC93}	ScreenRecorder.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D14533E0-82A4-CE33-7E2E-34B1CC93}\ProdID = d488050088ec0d70749523a4a8afe7b3	ScreenRecorder.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B6C5A016-A8C1-2BEA-18E9-86186C45}	InstallerGUI.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D14533E0-82A4-CE33-7E2E-34B1CC93}	InstallerGUI.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{15F0E54A-88F4-8B79-0D39-EE8ADEA8}	InstallerGUI.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\screenrecorder\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Roaming\\Movavi Screen Recorder 23\\MovaviLinkHelper.exe,0"	InstallerGUI.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\screenrecorder\shell\open\command\	InstallerGUI.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{15F0E54A-88F4-8B79-0D39-EE8ADEA8}\ProdID = 4c94e5e588e3cd2f64ace37320bbc799	ScreenRecorder.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{478F92A4-548C-55A6-D94E-18382762}	InstallerGUI.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{15F0E54A-88F4-8B79-0D39-EE8ADEA8}\ProdID = 6c8bdc15b49400846c21fde7b416d931	InstallerGUI.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\screenrecorder	InstallerGUI.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\screenrecorder\DefaultIcon\	InstallerGUI.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

Processes:

InstallerGUI.exeScreenRecorder.exe

pid process

1180 InstallerGUI.exe
864 ScreenRecorder.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

Processes:

InstallerGUI.exeScreenRecorder.exe

pid	process
1180	InstallerGUI.exe
1180	InstallerGUI.exe
1180	InstallerGUI.exe
1180	InstallerGUI.exe
1180	InstallerGUI.exe
864	ScreenRecorder.exe
864	ScreenRecorder.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

InstallerGUI.exe

pid process

1180 InstallerGUI.exe

Suspicious use of SetWindowsHookEx 14 IoCs

Processes:

InstallerGUI.exeMovaviStatistics.exeMovaviStatistics.exeMovaviStatistics.exeScreenRecorder.exe

pid	process
1180	InstallerGUI.exe
1976	MovaviStatistics.exe
1976	MovaviStatistics.exe
1976	MovaviStatistics.exe
1988	MovaviStatistics.exe
1988	MovaviStatistics.exe
1988	MovaviStatistics.exe
1988	MovaviStatistics.exe
1988	MovaviStatistics.exe
628	MovaviStatistics.exe
628	MovaviStatistics.exe
628	MovaviStatistics.exe
628	MovaviStatistics.exe
864	ScreenRecorder.exe

Suspicious use of WriteProcessMemory 39 IoCs

Processes:

MovaviScreenRecorderSetupC_Wphhzpm_.exeInstallerGUI.exeScreenRecorder.exe

description	pid	process	target process
PID 1196 wrote to memory of 1180	1196	MovaviScreenRecorderSetupC_Wphhzpm_.exe	InstallerGUI.exe
PID 1196 wrote to memory of 1180	1196	MovaviScreenRecorderSetupC_Wphhzpm_.exe	InstallerGUI.exe
PID 1196 wrote to memory of 1180	1196	MovaviScreenRecorderSetupC_Wphhzpm_.exe	InstallerGUI.exe
PID 1196 wrote to memory of 1180	1196	MovaviScreenRecorderSetupC_Wphhzpm_.exe	InstallerGUI.exe
PID 1196 wrote to memory of 1180	1196	MovaviScreenRecorderSetupC_Wphhzpm_.exe	InstallerGUI.exe
PID 1196 wrote to memory of 1180	1196	MovaviScreenRecorderSetupC_Wphhzpm_.exe	InstallerGUI.exe
PID 1196 wrote to memory of 1180	1196	MovaviScreenRecorderSetupC_Wphhzpm_.exe	InstallerGUI.exe
PID 1180 wrote to memory of 1976	1180	InstallerGUI.exe	MovaviStatistics.exe
PID 1180 wrote to memory of 1976	1180	InstallerGUI.exe	MovaviStatistics.exe
PID 1180 wrote to memory of 1976	1180	InstallerGUI.exe	MovaviStatistics.exe
PID 1180 wrote to memory of 1976	1180	InstallerGUI.exe	MovaviStatistics.exe
PID 1180 wrote to memory of 856	1180	InstallerGUI.exe	MovaviStatistics.exe
PID 1180 wrote to memory of 856	1180	InstallerGUI.exe	MovaviStatistics.exe
PID 1180 wrote to memory of 856	1180	InstallerGUI.exe	MovaviStatistics.exe
PID 1180 wrote to memory of 856	1180	InstallerGUI.exe	MovaviStatistics.exe
PID 1180 wrote to memory of 684	1180	InstallerGUI.exe	MovaviStatistics.exe
PID 1180 wrote to memory of 684	1180	InstallerGUI.exe	MovaviStatistics.exe
PID 1180 wrote to memory of 684	1180	InstallerGUI.exe	MovaviStatistics.exe
PID 1180 wrote to memory of 684	1180	InstallerGUI.exe	MovaviStatistics.exe
PID 1180 wrote to memory of 1988	1180	InstallerGUI.exe	MovaviStatistics.exe
PID 1180 wrote to memory of 1988	1180	InstallerGUI.exe	MovaviStatistics.exe
PID 1180 wrote to memory of 1988	1180	InstallerGUI.exe	MovaviStatistics.exe
PID 1180 wrote to memory of 1988	1180	InstallerGUI.exe	MovaviStatistics.exe
PID 1180 wrote to memory of 1948	1180	InstallerGUI.exe	MovaviStatistics.exe
PID 1180 wrote to memory of 1948	1180	InstallerGUI.exe	MovaviStatistics.exe
PID 1180 wrote to memory of 1948	1180	InstallerGUI.exe	MovaviStatistics.exe
PID 1180 wrote to memory of 1948	1180	InstallerGUI.exe	MovaviStatistics.exe
PID 1180 wrote to memory of 864	1180	InstallerGUI.exe	ScreenRecorder.exe
PID 1180 wrote to memory of 864	1180	InstallerGUI.exe	ScreenRecorder.exe
PID 1180 wrote to memory of 864	1180	InstallerGUI.exe	ScreenRecorder.exe
PID 1180 wrote to memory of 864	1180	InstallerGUI.exe	ScreenRecorder.exe
PID 1180 wrote to memory of 628	1180	InstallerGUI.exe	MovaviStatistics.exe
PID 1180 wrote to memory of 628	1180	InstallerGUI.exe	MovaviStatistics.exe
PID 1180 wrote to memory of 628	1180	InstallerGUI.exe	MovaviStatistics.exe
PID 1180 wrote to memory of 628	1180	InstallerGUI.exe	MovaviStatistics.exe
PID 864 wrote to memory of 1564	864	ScreenRecorder.exe	crashpad_handler.exe
PID 864 wrote to memory of 1564	864	ScreenRecorder.exe	crashpad_handler.exe
PID 864 wrote to memory of 1564	864	ScreenRecorder.exe	crashpad_handler.exe
PID 864 wrote to memory of 1564	864	ScreenRecorder.exe	crashpad_handler.exe

C:\Users\Admin\AppData\Local\Temp\MovaviScreenRecorderSetupC_Wphhzpm_.exe
"C:\Users\Admin\AppData\Local\Temp\MovaviScreenRecorderSetupC_Wphhzpm_.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1196

C:\Users\Admin\AppData\Local\Temp\Movavi-installer-e0e48f6f-3759-4420-954c-9b7dccc23a22\InstallerGUI.exe
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-e0e48f6f-3759-4420-954c-9b7dccc23a22\InstallerGUI.exe "--distrib-name=C:\Users\Admin\AppData\Local\Temp\MovaviScreenRecorderSetupC_Wphhzpm_.exe"
2⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Identifies Wine through registry keys
- Loads dropped DLL
- Checks whether UAC is enabled
- Writes to the Master Boot Record (MBR)
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Drops file in Windows directory
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1180

C:\Users\Admin\AppData\Local\Temp\Movavi-installer-e0e48f6f-3759-4420-954c-9b7dccc23a22\MovaviStatistics.exe
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-e0e48f6f-3759-4420-954c-9b7dccc23a22\MovaviStatistics.exe 1f9b651b711374e5e0e52e3d0a1467dc SCREEN_RECORDER_WIN Movavi 23.0.1.0 DEFAULT 3162353164333834383337303238353035643836386562363865326330343338 fa1078ce9ffcb0574d9b857eaae74aefffffd81c https proxysss.movavi.com 0 80 "C:/Users/Admin/AppData/Local/Movavi/Movavi Screen Recorder 23/cache\1f9b651b711374e5e0e52e3d0a1467dc\23.0.1.0"
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1976

C:\Users\Admin\AppData\Local\Temp\Movavi-installer-e0e48f6f-3759-4420-954c-9b7dccc23a22\MovaviStatistics.exe
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-e0e48f6f-3759-4420-954c-9b7dccc23a22\MovaviStatistics.exe 1f9b651b711374e5e0e52e3d0a1467dc SCREEN_RECORDER_WIN Movavi 23.0.1.0 DEFAULT 3162353164333834383337303238353035643836386562363865326330343338 fa1078ce9ffcb0574d9b857eaae74aefffffd81c https proxysss.movavi.com 0 80 "C:/Users/Admin/AppData/Local/Movavi/Movavi Screen Recorder 23/cache\1f9b651b711374e5e0e52e3d0a1467dc\23.0.1.0"
3⤵
- Executes dropped EXE
PID:856

C:\Users\Admin\AppData\Local\Temp\Movavi-installer-e0e48f6f-3759-4420-954c-9b7dccc23a22\MovaviStatistics.exe
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-e0e48f6f-3759-4420-954c-9b7dccc23a22\MovaviStatistics.exe 1f9b651b711374e5e0e52e3d0a1467dc SCREEN_RECORDER_WIN Movavi 23.0.1.0 DEFAULT 3162353164333834383337303238353035643836386562363865326330343338 fa1078ce9ffcb0574d9b857eaae74aefffffd81c https proxysss.movavi.com 0 80 "C:/Users/Admin/AppData/Local/Movavi/Movavi Screen Recorder 23/cache\1f9b651b711374e5e0e52e3d0a1467dc\23.0.1.0"
3⤵
- Executes dropped EXE
PID:684

C:\Users\Admin\AppData\Local\Temp\Movavi-installer-e0e48f6f-3759-4420-954c-9b7dccc23a22\MovaviStatistics.exe
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-e0e48f6f-3759-4420-954c-9b7dccc23a22\MovaviStatistics.exe 1f9b651b711374e5e0e52e3d0a1467dc SCREEN_RECORDER_WIN Movavi 23.0.1.0 DEFAULT 3162353164333834383337303238353035643836386562363865326330343338 fa1078ce9ffcb0574d9b857eaae74aefffffd81c https proxysss.movavi.com 0 80 "C:/Users/Admin/AppData/Local/Movavi/Movavi Screen Recorder 23/cache\1f9b651b711374e5e0e52e3d0a1467dc\23.0.1.0"
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1988

C:\Users\Admin\AppData\Local\Temp\Movavi-installer-e0e48f6f-3759-4420-954c-9b7dccc23a22\MovaviStatistics.exe
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-e0e48f6f-3759-4420-954c-9b7dccc23a22\MovaviStatistics.exe 1f9b651b711374e5e0e52e3d0a1467dc SCREEN_RECORDER_WIN Movavi 23.0.1.0 DEFAULT 3162353164333834383337303238353035643836386562363865326330343338 fa1078ce9ffcb0574d9b857eaae74aefffffd81c https proxysss.movavi.com 0 80 "C:/Users/Admin/AppData/Local/Movavi/Movavi Screen Recorder 23/cache\1f9b651b711374e5e0e52e3d0a1467dc\23.0.1.0"
3⤵
- Executes dropped EXE
PID:1948

C:\Users\Admin\AppData\Roaming\Movavi Screen Recorder 23\ScreenRecorder.exe
"C:\Users\Admin\AppData\Roaming\Movavi Screen Recorder 23\ScreenRecorder.exe"
3⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Identifies Wine through registry keys
- Checks whether UAC is enabled
- Writes to the Master Boot Record (MBR)
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:864

C:\Users\Admin\AppData\Roaming\Movavi Screen Recorder 23\crashpad_handler.exe
"C:\Users\Admin\AppData\Roaming\Movavi Screen Recorder 23\crashpad_handler.exe" --no-rate-limit --database=C:\Users\Admin\AppData\Local\Movavi\Sentry\srecorder\23.0.1\0.5.0 --metrics-dir=C:\Users\Admin\AppData\Local\Movavi\Sentry\srecorder\23.0.1\0.5.0 --url=https://o474997.ingest.sentry.io:443/api/6722886/minidump/?sentry_client=sentry.native/0.5.0&sentry_key=efd734a5571847f9898ad7d344697c10 --attachment=C:\Users\Admin\AppData\Local\Movavi\Sentry\srecorder\23.0.1\0.5.0\b4255ea8-1f21-4951-3829-4c0207b700bf.run\__sentry-event --attachment=C:\Users\Admin\AppData\Local\Movavi\Sentry\srecorder\23.0.1\0.5.0\b4255ea8-1f21-4951-3829-4c0207b700bf.run\__sentry-breadcrumb1 --attachment=C:\Users\Admin\AppData\Local\Movavi\Sentry\srecorder\23.0.1\0.5.0\b4255ea8-1f21-4951-3829-4c0207b700bf.run\__sentry-breadcrumb2 --initial-client-data=0x1f4,0x1f8,0x1fc,0x1c8,0x200,0x686354f0,0x68635504,0x68635514
4⤵
- Executes dropped EXE
PID:1564

C:\Users\Admin\AppData\Local\Temp\Movavi-installer-e0e48f6f-3759-4420-954c-9b7dccc23a22\MovaviStatistics.exe
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-e0e48f6f-3759-4420-954c-9b7dccc23a22\MovaviStatistics.exe 1f9b651b711374e5e0e52e3d0a1467dc SCREEN_RECORDER_WIN Movavi 23.0.1.0 DEFAULT 3162353164333834383337303238353035643836386562363865326330343338 fa1078ce9ffcb0574d9b857eaae74aefffffd81c https proxysss.movavi.com 0 80 "C:/Users/Admin/AppData/Local/Movavi/Movavi Screen Recorder 23/cache\1f9b651b711374e5e0e52e3d0a1467dc\23.0.1.0"
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:628

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

T1067

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Movavi-installer-e0e48f6f-3759-4420-954c-9b7dccc23a22\Application.dll
Filesize
4.0MB

MD5
1dcb951ffdabee0e0362883c274a8bb5

SHA1
f64af527ed9e13bbabd5415c2739b35550769e4e

SHA256
110957dbfb528ed272bb85b1825ead491f4da7c35776c6a88715c4d2fa15380f

SHA512
09eafced6356c447373475d867f00586f8e16112eb8fd06b0da97f284e3f1d38fbb91a17d7fae09ea074b624ffb657829a0b7f3a48c2d4b7d7a392f1166dcf7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-e0e48f6f-3759-4420-954c-9b7dccc23a22\FndException.dll
Filesize
98KB

MD5
5b3df0302a763b6964cba8360bbc17f3

SHA1
c7caf6655c54f469a80e0dd7d60a3b52bf22375c

SHA256
12544bdb64de307050bdbbfc065934b6fc3bfa9fac0975ca6ee15d529221a7d5

SHA512
281e18d1dd616535a2cb54d460280f711287b2e594a1d49549f173687ce89100e3cb35d08d24b2b16f83316c7b1d60334799a9f013e0b30320b9af320ecd25e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-e0e48f6f-3759-4420-954c-9b7dccc23a22\FndFilesystem.dll
Filesize
229KB

MD5
72e5f53d7669cfc3a189918eda137a6a

SHA1
50aff7beab89a1772bd327006a02a7dd5a04d5af

SHA256
a91670f2583e3ac49c4c488d2476e08aed93a8b05addbc1cebc701b8d5e31297

SHA512
34157db7c652c5de7ec0ab2431391b5a5c72900231d54b073dbf0f50808be304729cbdb9ff4fed9cbfe84e1d5c5a6424391c5431014bffb037e38c0afc45283e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-e0e48f6f-3759-4420-954c-9b7dccc23a22\FndHash.dll
Filesize
74KB

MD5
d1edd828192b462cd580c2b4583c6eb7

SHA1
ca2aed00fa1473dbd8d0445de84eeb6ab74a3523

SHA256
c9f3ae3939283c398d454dc6b8b871aa34cae99a9ec40babcab6a7ff0f322654

SHA512
10bf10645b67b95e4c1bf526a9f06d1e87fefa017ba6f42595a37bb2c8f262d5eef926ca35638d9d7353ec996a99e44a8cede01565740f6f227cbf392b95eae2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-e0e48f6f-3759-4420-954c-9b7dccc23a22\FndIO.dll
Filesize
361KB

MD5
af95dab58c1de2f774d825bff2fc6512

SHA1
43dc71738c6a53b90a912128dd737b1e6c60fb87

SHA256
1f234182f256a8ee34855add4e94007eb6dd70496e15a1e3ca235a4ef3df92c1

SHA512
b2e1b5ffc42972ae9bfc8a2f04e4ca39b7ffb8c772c458f63cdae64156557af2a26f01ddb27d84554372c8518c725cded1ba63fda2e8c8788d6def4dc7f86ad8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-e0e48f6f-3759-4420-954c-9b7dccc23a22\FndPointer.dll
Filesize
23KB

MD5
9509c25ace8148d3b455c99a560e6a8b

SHA1
359d332503957b7ee27c2cae7ceea4d103883b97

SHA256
5238b77ccb6362496482c3bfa897aa812d21b5adbfd71a5d7797bbb8a430a887

SHA512
12e074113f461864bb0fab9209ac0ebbdef39f77e4c1a8c2de662dcf9e242b842c521bc10706a28d1a87e65e5595c9b1236facf1235d44149b6d8008e6b746e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-e0e48f6f-3759-4420-954c-9b7dccc23a22\FndProperty.dll
Filesize
377KB

MD5
445525e0843697044849c100544377be

SHA1
5d54e2775bdccad7416fad035563e3130d19741e

SHA256
4a7d2350996874b05dafe565a17f8917f89dc5d6d77a7db438c9095d6172a32d

SHA512
159fb3d47c3dc1efb2ccb29ff72134197c63f9482d97cb59f3555b3bb6a9fd76727c8abda144e2dcf42f726ede7a3fb3161b46814046b0fa2c3f4b64f8c66ce6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-e0e48f6f-3759-4420-954c-9b7dccc23a22\FndString.dll
Filesize
39KB

MD5
ef439c46992c66b445e49c4af9c52f26

SHA1
3a1a66346d562e929322e6bc47bc9c28dbaa21cf

SHA256
b3f09c48482807da80f0935f1eb4df49b03a69142d37dfc60deac9ae9ea595f2

SHA512
7d2861b5c8fd607daba11b31d56327f0e20bdecaad2ce75db19ade939ffdcf724f545258e0a2b5f47a58cb8de870720f41e6aedfc69db37d6adf1a18d312a91c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-e0e48f6f-3759-4420-954c-9b7dccc23a22\InstallerGUI.exe
Filesize
1.2MB

MD5
9e30444b0bd08479950f6a271e821884

SHA1
8d7388ed1c80af02dab7d4cb83ee4c8a2a0f73cc

SHA256
bc27a1dd600c3ed8c096713542db54e565716bb9e097101b2df14af30fe88c34

SHA512
504214ba2d3be8c89914a9c89bf3436ab4af8c8e9f34f3847c212ac3e27431fb45238c8bcb358bcad88cd992983bd7e0e3aa69e7db30ac37e09a9bbab957951c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-e0e48f6f-3759-4420-954c-9b7dccc23a22\InstallerLib.dll
Filesize
3.2MB

MD5
6d6261b516a70aa19abda3b461635840

SHA1
8667257deba530c1d32906a63e319e72ca991b05

SHA256
6fa68da880e27ca766e793b5ec9db2fe44886ebbb5790d8af83b29ee2649bc69

SHA512
45259b8a3d90b1a695400bea5cafea287ef582552901bcaa0f490b23ccb921d367444bf0a5d0b771ed8fdf37646fcda2571e46e7fb66dd7ad55dc0b7b97ebc1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-e0e48f6f-3759-4420-954c-9b7dccc23a22\MSVCP140.dll
Filesize
426KB

MD5
cda398e97840ad97553ca9881978f450

SHA1
2c5f2323f9994bba28f617b2c00a9acff7aaf2bb

SHA256
5e78aaaf2096946c01c3fa196b3db97883b5c01d3858d3bd80387328f78290f8

SHA512
e841665910a3fa51a3fd3387761b374178a34e20227fd743f3c23dccf81514c4baf687b94aa7ec01267e1985f3313e29c2a9071ef26c80cce0072b7f457bb5c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-e0e48f6f-3759-4420-954c-9b7dccc23a22\VCRUNTIME140.dll
Filesize
74KB

MD5
f8adfdeeb3e9e25cc53c68de8ab8ee93

SHA1
dbcfa1979eacd7e6e5731b1ddff3fe7d742d5a41

SHA256
08de0ede013d83f2e911e9147e8056bb71d387ac217c6ce27cf273f9fc826f5e

SHA512
fd8b5ea1775df347c28904a2567e8ef4403fb29cb205fa85681fb6e026c427d375694a4f94305a4a0a1b4e6f205098c21f31046cae85646e66a2975ba7a62baa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-e0e48f6f-3759-4420-954c-9b7dccc23a22\api-ms-win-core-file-l1-2-0.dll
Filesize
10KB

MD5
7d64aefb7e8b31292da55c6e12808cdb

SHA1
568c2a19a33bb18a3c6e19c670945630b9687d50

SHA256
62a4810420d997c7fdd9e86a42917a44b78fb367a9d3c0a204e44b3ff05de6d4

SHA512
68479da21f3a2246d60db8afd2ae3383a430c61458089179c35df3e25ca1a15eba86a2a473e661c1364613baa93dcb38652443eb5c5d484b571ab30728598f9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-e0e48f6f-3759-4420-954c-9b7dccc23a22\api-ms-win-core-file-l2-1-0.dll
Filesize
10KB

MD5
dcd09014f2b8041e89270fecd2c078b2

SHA1
b9f08affdd9ff5622c16561e6a6e6120a786e315

SHA256
6572965fd3909af60310db1e00c8820b2deef4864612e757d3babab896f59ed7

SHA512
ef2ac73100184e6d80e03ce5aa089dbddb9e2a52adf878c34b7683274f879dcf2b066491cfc666f26453acbd44543d9741f36369015bd5d07e36b49d435751f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-e0e48f6f-3759-4420-954c-9b7dccc23a22\api-ms-win-core-localization-l1-2-0.dll
Filesize
13KB

MD5
3979437d6817cdf82da474c8a1eefb0d

SHA1
5e96fe40993acbc7c2e9a104d51a728950ad872e

SHA256
3dd2e16b6f135cdd45bce4065f6493540ebbaf2f7f1553085a2442ea2cf80a10

SHA512
4f64c6d232fdae3e7e583cb1aa39878abbfbbc9466108b97a5dce089c35eb30af502b5b212b043c27c1b12b23c165bd2b559060c43d9e2efcdda777b34f0066b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-e0e48f6f-3759-4420-954c-9b7dccc23a22\api-ms-win-core-processthreads-l1-1-1.dll
Filesize
11KB

MD5
4da67feefeb86b58a20b3482b93285b3

SHA1
6cd7f344d7ca70cf983caddb88ff6baa40385ef1

SHA256
3a5d176b1f2c97bca7d4e7a52590b84b726796191ae892d38ad757fd595f414d

SHA512
b9f420d30143cf3f5c919fa454616765602f27c678787d34f502943567e3e5dfb068fec8190fea6fa8db70153ed620eb4fe5dc3092f9b35b7d46b00cc238e3ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-e0e48f6f-3759-4420-954c-9b7dccc23a22\api-ms-win-core-synch-l1-2-0.dll
Filesize
11KB

MD5
c250b2e4ff04d22306bf8ce286afd158

SHA1
e5c60b7892ff64cbff02d551f9dbf25218c8195b

SHA256
42367b6b7285bddc185c0badefe49e883646f574b1d7d832c226f2d1ce489c5b

SHA512
a78c4ddf98330698c9da8d1d2c7c3176f22dfabf0900008cff1f294f56a2a14b52becd09ba37a065d544f58617911b3f5850614b5aabd0ec7daf236f29c9b10b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-e0e48f6f-3759-4420-954c-9b7dccc23a22\api-ms-win-core-timezone-l1-1-0.dll
Filesize
11KB

MD5
3339350008a663975ba4953018c38673

SHA1
78614a1aad7fc83d6999dcc0f467b43693be3d47

SHA256
4f77abb5c5014769f907a194fd2e43b3c977df1fb87f8c98dd15a7b950d1e092

SHA512
a303fd57dd59f478a8d6c66785768886509625a2baf8bf2b357bb249fc93f193ac8c5c2c9193e53738805700e49b941bf741d6c4850a43f29a82424ccdda191b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-e0e48f6f-3759-4420-954c-9b7dccc23a22\api-ms-win-crt-convert-l1-1-0.dll
Filesize
14KB

MD5
392b572dc6275d079270ad8e751a2433

SHA1
8347bba17ed3e7d5c2491f2177af3f35881e4420

SHA256
347ceeb26c97124fb49add1e773e24883e84bf9e23204291066855cd0baea173

SHA512
dbdbd159b428d177c5f5b57620da18a509350707881fb5040ac10faf2228c2ccfd6126ea062c5dd4d13998624a4f5745ed947118e8a1220190fdb93b6a3c20b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-e0e48f6f-3759-4420-954c-9b7dccc23a22\api-ms-win-crt-environment-l1-1-0.dll
Filesize
11KB

MD5
9806f2f88ba292b8542a964c0b102876

SHA1
c02e1541a264a04963add31d2043fa954b069b6b

SHA256
cf601a7b883bb4fb87c28b4a1d9f823d2454b298cdbcb4da4f508db8bd1278ba

SHA512
d68cb926de3caa498ad2aea60e2c5dbb72f30836a6ad9bb11a48f2ca706656981d9332dae44769ccf6f8de3b2ea1507983440afbe1322520f2fd1674cd8de823

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-e0e48f6f-3759-4420-954c-9b7dccc23a22\api-ms-win-crt-filesystem-l1-1-0.dll
Filesize
12KB

MD5
1747189e90f6d3677c27dc77382699d8

SHA1
17e07200fc40914e9aa5cbfc9987117b4dc8db02

SHA256
6cc23b34f63ba8861742c207f0020f7b89530d6cdd8469c567246a5879d62b82

SHA512
d2cc7223819b9109b7ce2475dfb2a58da78d0d3d606b05b6f24895d2f05fb1b83ee4c1d7a863f3c3488f5d1b014cd5b429070577bd53d00bb1e0a0a9b958f0b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-e0e48f6f-3759-4420-954c-9b7dccc23a22\api-ms-win-crt-heap-l1-1-0.dll
Filesize
11KB

MD5
1bcb55590ab80c2c78f8ce71eadeb3dc

SHA1
8625e6ed37c1a5678c3b4713801599f792dc1367

SHA256
a3f13fa93131a17e05ad0c4253c34b4db30d15eae2b43c9d7ec56fdc6709d371

SHA512
d80374ec9b17692b157031f771c6c86dc52247c3298594a936067473528bbb511be4e033203144bbf2ec2acfd7e3e935f898c945eb864dcf8b43ae48e3754439

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-e0e48f6f-3759-4420-954c-9b7dccc23a22\api-ms-win-crt-locale-l1-1-0.dll
Filesize
11KB

MD5
7481e20041cf8e366d737962d23ec9de

SHA1
a13c9a2d6cf6c92050eaae5ecb090a401359d992

SHA256
4615ec9effc0c27fc0cfd23ad9d87534cbe745998b7d318ae84ece5ea1338551

SHA512
f7a8e381d1ac2704d61258728a9175834cf414f7f2ff79bd8853e8359d6468839585cb643f0871334b943b0f7b0d868e077f6bd3f61668e54785ee8b94bf7903

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-e0e48f6f-3759-4420-954c-9b7dccc23a22\api-ms-win-crt-math-l1-1-0.dll
Filesize
21KB

MD5
f4e9937296ec528938a3c28a48687f5c

SHA1
961390a2c5e08336857c8a39b254b2bfe3d8bdc6

SHA256
190a2cc8c8e47fcd4d07b4e260e247fb3b5fb4661aa50f7b05158cd062d80762

SHA512
00ccf9326e593236f57c39ffcd3ab1a77c54755c5f938207ad548d64d60a7468ea21f6e340d385e6576bb049bca1dd318da572c5808c353dda1c4629fd99bc42

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-e0e48f6f-3759-4420-954c-9b7dccc23a22\api-ms-win-crt-runtime-l1-1-0.dll
Filesize
15KB

MD5
047c779f39ebb4f57020cd5b6fb2d083

SHA1
440077fc83d1c756fe24f9fb5eae67c5e4abd709

SHA256
078d2551f53ca55715f5c6a045de1260ce331b97fd6d047f8455e06d97ef88dc

SHA512
95a57d79c47d11f43796aea8fd1183d3db9448dee60530144b64a2dd3cd863f5b413356076c26101d96dd007ebf8aff9e23cf721ba4e03d932c333b8e5536b73

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-e0e48f6f-3759-4420-954c-9b7dccc23a22\api-ms-win-crt-stdio-l1-1-0.dll
Filesize
16KB

MD5
10e9dfc88bf784847e7b9aab82e28d0c

SHA1
cb750cf87d561ca32f5860854da374dae6c9f2ad

SHA256
e6bab87156c9e7ae14ce36a754eb6891891a22ddfff584b706538152017fbb0f

SHA512
29c2edb44cada75ee8ccae1b55a405c8282c937450913196d54b6da1a1e121451c6e14a92a200574984961fa8c649d8a40caf58ea50a33d42a7dfae4439091c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-e0e48f6f-3759-4420-954c-9b7dccc23a22\api-ms-win-crt-string-l1-1-0.dll
Filesize
17KB

MD5
1f1d50aa4553e77f6b90ae13bd56a95c

SHA1
cf421a298f485c2a000791e1840ededeea19bad0

SHA256
d343529d2a49cbb89d644deafce573b873ab45e0bf57e2d906b2f2a964d7bd9a

SHA512
a08bdcc2883066a8bdb9336eec5c7f8593202c367ce75a7d7390ed4c6e0e1dbe80b7afadeee78f12ac0386d70ac360af12bf0ff3285acda0425789038951f180

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-e0e48f6f-3759-4420-954c-9b7dccc23a22\api-ms-win-crt-time-l1-1-0.dll
Filesize
13KB

MD5
fa5327c2a3d284385d8dc3d65935604b

SHA1
a878b7cdf4ad027422e0e2182dad694ed436e949

SHA256
704ad27cab084be488b5757395ad5129e28f57a7c6680976af0f096b3d536e66

SHA512
473ff715f73839b766b5f28555a861d03b009c6b26c225bc104f4aab4e4ea766803f38000b444d4d433ff9ea68a3f940e66792bae1826781342f475860973816

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-e0e48f6f-3759-4420-954c-9b7dccc23a22\api-ms-win-crt-utility-l1-1-0.dll
Filesize
11KB

MD5
cefab9071ec289d88bb312816e62ca82

SHA1
bd95bd97332ea21506171924acde4f4248a2ee6a

SHA256
340ced80fbcfca804925ff680da1929f68b95959fd7e4d0c9f67322bb5fe2155

SHA512
03c4b2b155392dc02370994d28b78d18c38ccbb0c594866ae31db54111f0f18e264e1378acde0f2638e19871d7e3df7ca3365ad63c0de689c331f6e5b14e3582

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-e0e48f6f-3759-4420-954c-9b7dccc23a22\boost_filesystem-mt-x32.dll
Filesize
121KB

MD5
71d906452c81c293973abd1889de0a88

SHA1
1045c191d7a6759bdacb1d337bdf85036a03a7c6

SHA256
b67ec6ae222604bf02ee1a450728228cca006130c8a0ad98fd846aab6b3b8e9b

SHA512
0a02d6adec9b1cff661d5624557b874e50d063e32a6b1624348c6f56a19670f38cf682e846fccff826e7acb927a6d3cc8a0fb53692f0e0044bfce9014bb46c0d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-e0e48f6f-3759-4420-954c-9b7dccc23a22\glog.dll
Filesize
96KB

MD5
05c223735bce6e206eda08816eee4a5b

SHA1
4c984a280a3de9da96ec80e6b64a4c5ee0f81c7d

SHA256
80d5376d4631d7939ffd92c750cf5b34dc2bb6404555f45e89803f4a7e832dfb

SHA512
42184e055f329a5fe75f7c8e04e6fe7d6f63c7aeb7c9cf97eeb2e5d022494858815fc6d140e0ab1c713f1a337d910d2a538484575bf487e15c4becd30ad01bfc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-e0e48f6f-3759-4420-954c-9b7dccc23a22\ucrtbase.DLL
Filesize
1.1MB

MD5
126fb99e7037b6a56a14d701fd27178b

SHA1
0969f27c4a0d8270c34edb342510de4f388752cd

SHA256
10f8f24aa678db8e38e6917748c52bbcd219161b9a07286d6f8093ab1d0318fa

SHA512
d787a9530bce036d405988770621b6f15162347a892506ce637839ac83ac6c23001dc5b2292afd652e0804bd327a7536d5f1b92412697c3be335a03133d5fe17

Download Submit
C:\Users\Admin\AppData\Roaming\Movavi Screen Recorder 23\ScreenRecorder.exe
Filesize
8.5MB

MD5
90fd91d6a6379576de2777afd3d56c6b

SHA1
c323a8fc2efed270ea8fa579e74584a670a5fde0

SHA256
be6b10b77adfa2d0bf78ec4f42ce4a484e72d19e956a1a4201cff3189c5ad5bc

SHA512
7ecd51ae9de9229acfcc5e7bb21243929b832a92526bcecfa9769a3ce8246b67cb64f7184d11b38b501018fe93fcf4fc8e7b11f132e31b24ddf2b2c5236eef27

Download Submit
C:\Users\Admin\AppData\Roaming\Movavi Screen Recorder 23\uninst.exe
Filesize
1.2MB

MD5
9e30444b0bd08479950f6a271e821884

SHA1
8d7388ed1c80af02dab7d4cb83ee4c8a2a0f73cc

SHA256
bc27a1dd600c3ed8c096713542db54e565716bb9e097101b2df14af30fe88c34

SHA512
504214ba2d3be8c89914a9c89bf3436ab4af8c8e9f34f3847c212ac3e27431fb45238c8bcb358bcad88cd992983bd7e0e3aa69e7db30ac37e09a9bbab957951c

Download Submit
\Users\Admin\AppData\Local\Temp\Movavi-installer-e0e48f6f-3759-4420-954c-9b7dccc23a22\Application.dll
Filesize
4.0MB

MD5
1dcb951ffdabee0e0362883c274a8bb5

SHA1
f64af527ed9e13bbabd5415c2739b35550769e4e

SHA256
110957dbfb528ed272bb85b1825ead491f4da7c35776c6a88715c4d2fa15380f

SHA512
09eafced6356c447373475d867f00586f8e16112eb8fd06b0da97f284e3f1d38fbb91a17d7fae09ea074b624ffb657829a0b7f3a48c2d4b7d7a392f1166dcf7f

Download Submit
\Users\Admin\AppData\Local\Temp\Movavi-installer-e0e48f6f-3759-4420-954c-9b7dccc23a22\FndException.dll
Filesize
98KB

MD5
5b3df0302a763b6964cba8360bbc17f3

SHA1
c7caf6655c54f469a80e0dd7d60a3b52bf22375c

SHA256
12544bdb64de307050bdbbfc065934b6fc3bfa9fac0975ca6ee15d529221a7d5

SHA512
281e18d1dd616535a2cb54d460280f711287b2e594a1d49549f173687ce89100e3cb35d08d24b2b16f83316c7b1d60334799a9f013e0b30320b9af320ecd25e4

Download Submit
\Users\Admin\AppData\Local\Temp\Movavi-installer-e0e48f6f-3759-4420-954c-9b7dccc23a22\FndFilesystem.dll
Filesize
229KB

MD5
72e5f53d7669cfc3a189918eda137a6a

SHA1
50aff7beab89a1772bd327006a02a7dd5a04d5af

SHA256
a91670f2583e3ac49c4c488d2476e08aed93a8b05addbc1cebc701b8d5e31297

SHA512
34157db7c652c5de7ec0ab2431391b5a5c72900231d54b073dbf0f50808be304729cbdb9ff4fed9cbfe84e1d5c5a6424391c5431014bffb037e38c0afc45283e

Download Submit
\Users\Admin\AppData\Local\Temp\Movavi-installer-e0e48f6f-3759-4420-954c-9b7dccc23a22\FndHash.dll
Filesize
74KB

MD5
d1edd828192b462cd580c2b4583c6eb7

SHA1
ca2aed00fa1473dbd8d0445de84eeb6ab74a3523

SHA256
c9f3ae3939283c398d454dc6b8b871aa34cae99a9ec40babcab6a7ff0f322654

SHA512
10bf10645b67b95e4c1bf526a9f06d1e87fefa017ba6f42595a37bb2c8f262d5eef926ca35638d9d7353ec996a99e44a8cede01565740f6f227cbf392b95eae2

Download Submit
\Users\Admin\AppData\Local\Temp\Movavi-installer-e0e48f6f-3759-4420-954c-9b7dccc23a22\FndIO.dll
Filesize
361KB

MD5
af95dab58c1de2f774d825bff2fc6512

SHA1
43dc71738c6a53b90a912128dd737b1e6c60fb87

SHA256
1f234182f256a8ee34855add4e94007eb6dd70496e15a1e3ca235a4ef3df92c1

SHA512
b2e1b5ffc42972ae9bfc8a2f04e4ca39b7ffb8c772c458f63cdae64156557af2a26f01ddb27d84554372c8518c725cded1ba63fda2e8c8788d6def4dc7f86ad8

Download Submit
\Users\Admin\AppData\Local\Temp\Movavi-installer-e0e48f6f-3759-4420-954c-9b7dccc23a22\FndPointer.dll
Filesize
23KB

MD5
9509c25ace8148d3b455c99a560e6a8b

SHA1
359d332503957b7ee27c2cae7ceea4d103883b97

SHA256
5238b77ccb6362496482c3bfa897aa812d21b5adbfd71a5d7797bbb8a430a887

SHA512
12e074113f461864bb0fab9209ac0ebbdef39f77e4c1a8c2de662dcf9e242b842c521bc10706a28d1a87e65e5595c9b1236facf1235d44149b6d8008e6b746e4

Download Submit
\Users\Admin\AppData\Local\Temp\Movavi-installer-e0e48f6f-3759-4420-954c-9b7dccc23a22\FndProperty.dll
Filesize
377KB

MD5
445525e0843697044849c100544377be

SHA1
5d54e2775bdccad7416fad035563e3130d19741e

SHA256
4a7d2350996874b05dafe565a17f8917f89dc5d6d77a7db438c9095d6172a32d

SHA512
159fb3d47c3dc1efb2ccb29ff72134197c63f9482d97cb59f3555b3bb6a9fd76727c8abda144e2dcf42f726ede7a3fb3161b46814046b0fa2c3f4b64f8c66ce6

Download Submit
\Users\Admin\AppData\Local\Temp\Movavi-installer-e0e48f6f-3759-4420-954c-9b7dccc23a22\FndString.dll
Filesize
39KB

MD5
ef439c46992c66b445e49c4af9c52f26

SHA1
3a1a66346d562e929322e6bc47bc9c28dbaa21cf

SHA256
b3f09c48482807da80f0935f1eb4df49b03a69142d37dfc60deac9ae9ea595f2

SHA512
7d2861b5c8fd607daba11b31d56327f0e20bdecaad2ce75db19ade939ffdcf724f545258e0a2b5f47a58cb8de870720f41e6aedfc69db37d6adf1a18d312a91c

Download Submit
\Users\Admin\AppData\Local\Temp\Movavi-installer-e0e48f6f-3759-4420-954c-9b7dccc23a22\InstallerGUI.exe
Filesize
1.2MB

MD5
9e30444b0bd08479950f6a271e821884

SHA1
8d7388ed1c80af02dab7d4cb83ee4c8a2a0f73cc

SHA256
bc27a1dd600c3ed8c096713542db54e565716bb9e097101b2df14af30fe88c34

SHA512
504214ba2d3be8c89914a9c89bf3436ab4af8c8e9f34f3847c212ac3e27431fb45238c8bcb358bcad88cd992983bd7e0e3aa69e7db30ac37e09a9bbab957951c

Download Submit
\Users\Admin\AppData\Local\Temp\Movavi-installer-e0e48f6f-3759-4420-954c-9b7dccc23a22\InstallerLib.dll
Filesize
3.2MB

MD5
6d6261b516a70aa19abda3b461635840

SHA1
8667257deba530c1d32906a63e319e72ca991b05

SHA256
6fa68da880e27ca766e793b5ec9db2fe44886ebbb5790d8af83b29ee2649bc69

SHA512
45259b8a3d90b1a695400bea5cafea287ef582552901bcaa0f490b23ccb921d367444bf0a5d0b771ed8fdf37646fcda2571e46e7fb66dd7ad55dc0b7b97ebc1a

Download Submit
\Users\Admin\AppData\Local\Temp\Movavi-installer-e0e48f6f-3759-4420-954c-9b7dccc23a22\api-ms-win-core-file-l1-2-0.dll
Filesize
10KB

MD5
7d64aefb7e8b31292da55c6e12808cdb

SHA1
568c2a19a33bb18a3c6e19c670945630b9687d50

SHA256
62a4810420d997c7fdd9e86a42917a44b78fb367a9d3c0a204e44b3ff05de6d4

SHA512
68479da21f3a2246d60db8afd2ae3383a430c61458089179c35df3e25ca1a15eba86a2a473e661c1364613baa93dcb38652443eb5c5d484b571ab30728598f9b

Download Submit
\Users\Admin\AppData\Local\Temp\Movavi-installer-e0e48f6f-3759-4420-954c-9b7dccc23a22\api-ms-win-core-file-l2-1-0.dll
Filesize
10KB

MD5
dcd09014f2b8041e89270fecd2c078b2

SHA1
b9f08affdd9ff5622c16561e6a6e6120a786e315

SHA256
6572965fd3909af60310db1e00c8820b2deef4864612e757d3babab896f59ed7

SHA512
ef2ac73100184e6d80e03ce5aa089dbddb9e2a52adf878c34b7683274f879dcf2b066491cfc666f26453acbd44543d9741f36369015bd5d07e36b49d435751f6

Download Submit
\Users\Admin\AppData\Local\Temp\Movavi-installer-e0e48f6f-3759-4420-954c-9b7dccc23a22\api-ms-win-core-localization-l1-2-0.dll
Filesize
13KB

MD5
3979437d6817cdf82da474c8a1eefb0d

SHA1
5e96fe40993acbc7c2e9a104d51a728950ad872e

SHA256
3dd2e16b6f135cdd45bce4065f6493540ebbaf2f7f1553085a2442ea2cf80a10

SHA512
4f64c6d232fdae3e7e583cb1aa39878abbfbbc9466108b97a5dce089c35eb30af502b5b212b043c27c1b12b23c165bd2b559060c43d9e2efcdda777b34f0066b

Download Submit
\Users\Admin\AppData\Local\Temp\Movavi-installer-e0e48f6f-3759-4420-954c-9b7dccc23a22\api-ms-win-core-processthreads-l1-1-1.dll
Filesize
11KB

MD5
4da67feefeb86b58a20b3482b93285b3

SHA1
6cd7f344d7ca70cf983caddb88ff6baa40385ef1

SHA256
3a5d176b1f2c97bca7d4e7a52590b84b726796191ae892d38ad757fd595f414d

SHA512
b9f420d30143cf3f5c919fa454616765602f27c678787d34f502943567e3e5dfb068fec8190fea6fa8db70153ed620eb4fe5dc3092f9b35b7d46b00cc238e3ba

Download Submit
\Users\Admin\AppData\Local\Temp\Movavi-installer-e0e48f6f-3759-4420-954c-9b7dccc23a22\api-ms-win-core-synch-l1-2-0.dll
Filesize
11KB

MD5
c250b2e4ff04d22306bf8ce286afd158

SHA1
e5c60b7892ff64cbff02d551f9dbf25218c8195b

SHA256
42367b6b7285bddc185c0badefe49e883646f574b1d7d832c226f2d1ce489c5b

SHA512
a78c4ddf98330698c9da8d1d2c7c3176f22dfabf0900008cff1f294f56a2a14b52becd09ba37a065d544f58617911b3f5850614b5aabd0ec7daf236f29c9b10b

Download Submit
\Users\Admin\AppData\Local\Temp\Movavi-installer-e0e48f6f-3759-4420-954c-9b7dccc23a22\api-ms-win-core-timezone-l1-1-0.dll
Filesize
11KB

MD5
3339350008a663975ba4953018c38673

SHA1
78614a1aad7fc83d6999dcc0f467b43693be3d47

SHA256
4f77abb5c5014769f907a194fd2e43b3c977df1fb87f8c98dd15a7b950d1e092

SHA512
a303fd57dd59f478a8d6c66785768886509625a2baf8bf2b357bb249fc93f193ac8c5c2c9193e53738805700e49b941bf741d6c4850a43f29a82424ccdda191b

Download Submit
\Users\Admin\AppData\Local\Temp\Movavi-installer-e0e48f6f-3759-4420-954c-9b7dccc23a22\api-ms-win-crt-convert-l1-1-0.dll
Filesize
14KB

MD5
392b572dc6275d079270ad8e751a2433

SHA1
8347bba17ed3e7d5c2491f2177af3f35881e4420

SHA256
347ceeb26c97124fb49add1e773e24883e84bf9e23204291066855cd0baea173

SHA512
dbdbd159b428d177c5f5b57620da18a509350707881fb5040ac10faf2228c2ccfd6126ea062c5dd4d13998624a4f5745ed947118e8a1220190fdb93b6a3c20b7

Download Submit
\Users\Admin\AppData\Local\Temp\Movavi-installer-e0e48f6f-3759-4420-954c-9b7dccc23a22\api-ms-win-crt-environment-l1-1-0.dll
Filesize
11KB

MD5
9806f2f88ba292b8542a964c0b102876

SHA1
c02e1541a264a04963add31d2043fa954b069b6b

SHA256
cf601a7b883bb4fb87c28b4a1d9f823d2454b298cdbcb4da4f508db8bd1278ba

SHA512
d68cb926de3caa498ad2aea60e2c5dbb72f30836a6ad9bb11a48f2ca706656981d9332dae44769ccf6f8de3b2ea1507983440afbe1322520f2fd1674cd8de823

Download Submit
\Users\Admin\AppData\Local\Temp\Movavi-installer-e0e48f6f-3759-4420-954c-9b7dccc23a22\api-ms-win-crt-filesystem-l1-1-0.dll
Filesize
12KB

MD5
1747189e90f6d3677c27dc77382699d8

SHA1
17e07200fc40914e9aa5cbfc9987117b4dc8db02

SHA256
6cc23b34f63ba8861742c207f0020f7b89530d6cdd8469c567246a5879d62b82

SHA512
d2cc7223819b9109b7ce2475dfb2a58da78d0d3d606b05b6f24895d2f05fb1b83ee4c1d7a863f3c3488f5d1b014cd5b429070577bd53d00bb1e0a0a9b958f0b1

Download Submit
\Users\Admin\AppData\Local\Temp\Movavi-installer-e0e48f6f-3759-4420-954c-9b7dccc23a22\api-ms-win-crt-heap-l1-1-0.dll
Filesize
11KB

MD5
1bcb55590ab80c2c78f8ce71eadeb3dc

SHA1
8625e6ed37c1a5678c3b4713801599f792dc1367

SHA256
a3f13fa93131a17e05ad0c4253c34b4db30d15eae2b43c9d7ec56fdc6709d371

SHA512
d80374ec9b17692b157031f771c6c86dc52247c3298594a936067473528bbb511be4e033203144bbf2ec2acfd7e3e935f898c945eb864dcf8b43ae48e3754439

Download Submit
\Users\Admin\AppData\Local\Temp\Movavi-installer-e0e48f6f-3759-4420-954c-9b7dccc23a22\api-ms-win-crt-locale-l1-1-0.dll
Filesize
11KB

MD5
7481e20041cf8e366d737962d23ec9de

SHA1
a13c9a2d6cf6c92050eaae5ecb090a401359d992

SHA256
4615ec9effc0c27fc0cfd23ad9d87534cbe745998b7d318ae84ece5ea1338551

SHA512
f7a8e381d1ac2704d61258728a9175834cf414f7f2ff79bd8853e8359d6468839585cb643f0871334b943b0f7b0d868e077f6bd3f61668e54785ee8b94bf7903

Download Submit
\Users\Admin\AppData\Local\Temp\Movavi-installer-e0e48f6f-3759-4420-954c-9b7dccc23a22\api-ms-win-crt-math-l1-1-0.dll
Filesize
21KB

MD5
f4e9937296ec528938a3c28a48687f5c

SHA1
961390a2c5e08336857c8a39b254b2bfe3d8bdc6

SHA256
190a2cc8c8e47fcd4d07b4e260e247fb3b5fb4661aa50f7b05158cd062d80762

SHA512
00ccf9326e593236f57c39ffcd3ab1a77c54755c5f938207ad548d64d60a7468ea21f6e340d385e6576bb049bca1dd318da572c5808c353dda1c4629fd99bc42

Download Submit
\Users\Admin\AppData\Local\Temp\Movavi-installer-e0e48f6f-3759-4420-954c-9b7dccc23a22\api-ms-win-crt-runtime-l1-1-0.dll
Filesize
15KB

MD5
047c779f39ebb4f57020cd5b6fb2d083

SHA1
440077fc83d1c756fe24f9fb5eae67c5e4abd709

SHA256
078d2551f53ca55715f5c6a045de1260ce331b97fd6d047f8455e06d97ef88dc

SHA512
95a57d79c47d11f43796aea8fd1183d3db9448dee60530144b64a2dd3cd863f5b413356076c26101d96dd007ebf8aff9e23cf721ba4e03d932c333b8e5536b73

Download Submit
\Users\Admin\AppData\Local\Temp\Movavi-installer-e0e48f6f-3759-4420-954c-9b7dccc23a22\api-ms-win-crt-stdio-l1-1-0.dll
Filesize
16KB

MD5
10e9dfc88bf784847e7b9aab82e28d0c

SHA1
cb750cf87d561ca32f5860854da374dae6c9f2ad

SHA256
e6bab87156c9e7ae14ce36a754eb6891891a22ddfff584b706538152017fbb0f

SHA512
29c2edb44cada75ee8ccae1b55a405c8282c937450913196d54b6da1a1e121451c6e14a92a200574984961fa8c649d8a40caf58ea50a33d42a7dfae4439091c2

Download Submit
\Users\Admin\AppData\Local\Temp\Movavi-installer-e0e48f6f-3759-4420-954c-9b7dccc23a22\api-ms-win-crt-string-l1-1-0.dll
Filesize
17KB

MD5
1f1d50aa4553e77f6b90ae13bd56a95c

SHA1
cf421a298f485c2a000791e1840ededeea19bad0

SHA256
d343529d2a49cbb89d644deafce573b873ab45e0bf57e2d906b2f2a964d7bd9a

SHA512
a08bdcc2883066a8bdb9336eec5c7f8593202c367ce75a7d7390ed4c6e0e1dbe80b7afadeee78f12ac0386d70ac360af12bf0ff3285acda0425789038951f180

Download Submit
\Users\Admin\AppData\Local\Temp\Movavi-installer-e0e48f6f-3759-4420-954c-9b7dccc23a22\api-ms-win-crt-time-l1-1-0.dll
Filesize
13KB

MD5
fa5327c2a3d284385d8dc3d65935604b

SHA1
a878b7cdf4ad027422e0e2182dad694ed436e949

SHA256
704ad27cab084be488b5757395ad5129e28f57a7c6680976af0f096b3d536e66

SHA512
473ff715f73839b766b5f28555a861d03b009c6b26c225bc104f4aab4e4ea766803f38000b444d4d433ff9ea68a3f940e66792bae1826781342f475860973816

Download Submit
\Users\Admin\AppData\Local\Temp\Movavi-installer-e0e48f6f-3759-4420-954c-9b7dccc23a22\api-ms-win-crt-utility-l1-1-0.dll
Filesize
11KB

MD5
cefab9071ec289d88bb312816e62ca82

SHA1
bd95bd97332ea21506171924acde4f4248a2ee6a

SHA256
340ced80fbcfca804925ff680da1929f68b95959fd7e4d0c9f67322bb5fe2155

SHA512
03c4b2b155392dc02370994d28b78d18c38ccbb0c594866ae31db54111f0f18e264e1378acde0f2638e19871d7e3df7ca3365ad63c0de689c331f6e5b14e3582

Download Submit
\Users\Admin\AppData\Local\Temp\Movavi-installer-e0e48f6f-3759-4420-954c-9b7dccc23a22\boost_filesystem-mt-x32.dll
Filesize
121KB

MD5
71d906452c81c293973abd1889de0a88

SHA1
1045c191d7a6759bdacb1d337bdf85036a03a7c6

SHA256
b67ec6ae222604bf02ee1a450728228cca006130c8a0ad98fd846aab6b3b8e9b

SHA512
0a02d6adec9b1cff661d5624557b874e50d063e32a6b1624348c6f56a19670f38cf682e846fccff826e7acb927a6d3cc8a0fb53692f0e0044bfce9014bb46c0d

Download Submit
\Users\Admin\AppData\Local\Temp\Movavi-installer-e0e48f6f-3759-4420-954c-9b7dccc23a22\glog.dll
Filesize
96KB

MD5
05c223735bce6e206eda08816eee4a5b

SHA1
4c984a280a3de9da96ec80e6b64a4c5ee0f81c7d

SHA256
80d5376d4631d7939ffd92c750cf5b34dc2bb6404555f45e89803f4a7e832dfb

SHA512
42184e055f329a5fe75f7c8e04e6fe7d6f63c7aeb7c9cf97eeb2e5d022494858815fc6d140e0ab1c713f1a337d910d2a538484575bf487e15c4becd30ad01bfc

Download Submit
\Users\Admin\AppData\Local\Temp\Movavi-installer-e0e48f6f-3759-4420-954c-9b7dccc23a22\msvcp140.dll
Filesize
426KB

MD5
cda398e97840ad97553ca9881978f450

SHA1
2c5f2323f9994bba28f617b2c00a9acff7aaf2bb

SHA256
5e78aaaf2096946c01c3fa196b3db97883b5c01d3858d3bd80387328f78290f8

SHA512
e841665910a3fa51a3fd3387761b374178a34e20227fd743f3c23dccf81514c4baf687b94aa7ec01267e1985f3313e29c2a9071ef26c80cce0072b7f457bb5c6

Download Submit
\Users\Admin\AppData\Local\Temp\Movavi-installer-e0e48f6f-3759-4420-954c-9b7dccc23a22\ucrtbase.dll
Filesize
1.1MB

MD5
126fb99e7037b6a56a14d701fd27178b

SHA1
0969f27c4a0d8270c34edb342510de4f388752cd

SHA256
10f8f24aa678db8e38e6917748c52bbcd219161b9a07286d6f8093ab1d0318fa

SHA512
d787a9530bce036d405988770621b6f15162347a892506ce637839ac83ac6c23001dc5b2292afd652e0804bd327a7536d5f1b92412697c3be335a03133d5fe17

Download Submit
\Users\Admin\AppData\Local\Temp\Movavi-installer-e0e48f6f-3759-4420-954c-9b7dccc23a22\vcruntime140.dll
Filesize
74KB

MD5
f8adfdeeb3e9e25cc53c68de8ab8ee93

SHA1
dbcfa1979eacd7e6e5731b1ddff3fe7d742d5a41

SHA256
08de0ede013d83f2e911e9147e8056bb71d387ac217c6ce27cf273f9fc826f5e

SHA512
fd8b5ea1775df347c28904a2567e8ef4403fb29cb205fa85681fb6e026c427d375694a4f94305a4a0a1b4e6f205098c21f31046cae85646e66a2975ba7a62baa

Download Submit
memory/628-1936-0x00000000003B0000-0x00000000003C0000-memory.dmp

Filesize
64KB

Download
memory/864-1980-0x00000000719E0000-0x0000000072009000-memory.dmp

Filesize
6.2MB

Download
memory/864-1972-0x00000000029F0000-0x00000000029F1000-memory.dmp

Filesize
4KB

Download
memory/864-1957-0x000000006D0C0000-0x000000006D0DD000-memory.dmp

Filesize
116KB

Download
memory/864-1959-0x000000006D460000-0x000000006D486000-memory.dmp

Filesize
152KB

Download
memory/864-1958-0x0000000064B40000-0x0000000064B54000-memory.dmp

Filesize
80KB

Download
memory/864-1956-0x000000006D490000-0x000000006D528000-memory.dmp

Filesize
608KB

Download
memory/864-1946-0x0000000001580000-0x0000000003834000-memory.dmp

Filesize
34.7MB

Download
memory/864-1971-0x0000000074030000-0x0000000074659000-memory.dmp

Filesize
6.2MB

Download
memory/864-1933-0x0000000000740000-0x00000000009F6000-memory.dmp

Filesize
2.7MB

Download
memory/864-1931-0x0000000001580000-0x0000000003834000-memory.dmp

Filesize
34.7MB

Download
memory/864-1979-0x0000000072010000-0x0000000072639000-memory.dmp

Filesize
6.2MB

Download
memory/864-1978-0x0000000003EA0000-0x0000000003EB0000-memory.dmp

Filesize
64KB

Download
memory/1180-395-0x0000000000850000-0x00000000009AD000-memory.dmp

Filesize
1.4MB

Download
memory/1180-1938-0x000000006D0C0000-0x000000006D0DD000-memory.dmp

Filesize
116KB

Download
memory/1180-401-0x000000006E480000-0x000000006EAA9000-memory.dmp

Filesize
6.2MB

Download
memory/1180-400-0x000000006EE30000-0x000000006EEBE000-memory.dmp

Filesize
568KB

Download
memory/1180-396-0x000000006EEC0000-0x000000006F111000-memory.dmp

Filesize
2.3MB

Download
memory/1180-1695-0x0000000000A70000-0x0000000000A80000-memory.dmp

Filesize
64KB

Download
memory/1180-1697-0x0000000002220000-0x000000000222A000-memory.dmp

Filesize
40KB

Download
memory/1180-1696-0x0000000002220000-0x000000000222A000-memory.dmp

Filesize
40KB

Download
memory/1180-364-0x0000000000850000-0x00000000009AD000-memory.dmp

Filesize
1.4MB

Download
memory/1180-382-0x00000000713E0000-0x0000000071406000-memory.dmp

Filesize
152KB

Download
memory/1180-1890-0x00000000029F0000-0x00000000029F1000-memory.dmp

Filesize
4KB

Download
memory/1180-369-0x0000000000A70000-0x0000000000A80000-memory.dmp

Filesize
64KB

Download
memory/1180-1918-0x000000006E480000-0x000000006EAA9000-memory.dmp

Filesize
6.2MB

Download
memory/1180-381-0x0000000064B40000-0x0000000064B54000-memory.dmp

Filesize
80KB

Download
memory/1180-380-0x000000006D0C0000-0x000000006D0DD000-memory.dmp

Filesize
116KB

Download
memory/1180-379-0x0000000071410000-0x00000000714A8000-memory.dmp

Filesize
608KB

Download
memory/1180-1937-0x0000000071410000-0x00000000714A8000-memory.dmp

Filesize
608KB

Download
memory/1180-383-0x000000006F120000-0x00000000713D4000-memory.dmp

Filesize
34.7MB

Download
memory/1180-1940-0x0000000064B40000-0x0000000064B54000-memory.dmp

Filesize
80KB

Download
memory/1180-1939-0x0000000002400000-0x0000000002401000-memory.dmp

Filesize
4KB

Download
memory/1180-1941-0x00000000713E0000-0x0000000071406000-memory.dmp

Filesize
152KB

Download
memory/1180-1942-0x000000006F120000-0x00000000713D4000-memory.dmp

Filesize
34.7MB

Download
memory/1180-1943-0x0000000000850000-0x00000000009AD000-memory.dmp

Filesize
1.4MB

Download
memory/1180-1944-0x000000006EEC0000-0x000000006F111000-memory.dmp

Filesize
2.3MB

Download
memory/1180-1945-0x000000006EE30000-0x000000006EEBE000-memory.dmp

Filesize
568KB

Download
memory/1180-1947-0x0000000002220000-0x0000000002226000-memory.dmp

Filesize
24KB

Download
memory/1180-378-0x0000000002220000-0x000000000222A000-memory.dmp

Filesize
40KB

Download
memory/1180-377-0x0000000002220000-0x000000000222A000-memory.dmp

Filesize
40KB

Download
memory/1180-375-0x0000000002A70000-0x0000000002A71000-memory.dmp

Filesize
4KB

Download
memory/1180-374-0x0000000002A20000-0x0000000002A21000-memory.dmp

Filesize
4KB

Download
memory/1180-373-0x0000000002A40000-0x0000000002A41000-memory.dmp

Filesize
4KB

Download
memory/1180-372-0x0000000002A50000-0x0000000002A51000-memory.dmp

Filesize
4KB

Download
memory/1180-371-0x0000000002A10000-0x0000000002A11000-memory.dmp

Filesize
4KB

Download
memory/1180-370-0x000000006E480000-0x000000006EAA9000-memory.dmp

Filesize
6.2MB

Download
memory/1976-392-0x00000000003D0000-0x00000000003E0000-memory.dmp

Filesize
64KB

Download
memory/1988-1909-0x0000000000A90000-0x0000000000AA0000-memory.dmp

Filesize
64KB

Download