b691ff9cb0ab569766d1826a38f22b5feca2a2089bfe999249b8297e2fb8c29c

Analysis

max time kernel
139s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
29/03/2023, 21:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

move-transition-installer.exe
Size

2.1MB
MD5

55e0cf06465586151f9960674d1ad0bd
SHA1

f25441a7dd299432f68455601131a9422f17c952
SHA256

b691ff9cb0ab569766d1826a38f22b5feca2a2089bfe999249b8297e2fb8c29c
SHA512

bebe869e380e2e98dca84f7f0098d9d5ec6aa36ef8446240b1f9f685b4b3a9fb04b8668c4c31712887f5aad1a113610f1dcc56e1f1cd2ddf0ebdd20d93538d52
SSDEEP

49152:LcsQ6Q2MUjVJOYLS1lFo0HcBZMQf3g9jxc8vrES8tLspGsIRNvJZa/Vs:L1QT7UHomnBZMQf36OkrEdLscswvJZUS

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 2 IoCs

pid	Process
2072	move-transition-installer.tmp
3344	OBS-Studio-29.0.2-Full-Installer-x64.exe

Loads dropped DLL 4 IoCs

pid	Process
3344	OBS-Studio-29.0.2-Full-Installer-x64.exe
3344	OBS-Studio-29.0.2-Full-Installer-x64.exe
3344	OBS-Studio-29.0.2-Full-Installer-x64.exe
3344	OBS-Studio-29.0.2-Full-Installer-x64.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\obs-studio\data\obs-plugins\win-capture\locale\fr-FR.ini	OBS-Studio-29.0.2-Full-Installer-x64.exe
File created	C:\Program Files\obs-studio\data\obs-plugins\win-dshow\locale\hy-AM.ini	OBS-Studio-29.0.2-Full-Installer-x64.exe
File created	C:\Program Files\obs-studio\data\obs-plugins\win-mf\locale\hr-HR.ini	OBS-Studio-29.0.2-Full-Installer-x64.exe
File created	C:\Program Files\obs-studio\data\obs-plugins\win-wasapi\locale\tr-TR.ini	OBS-Studio-29.0.2-Full-Installer-x64.exe
File created	C:\Program Files\obs-studio\data\obs-plugins\obs-qsv11\locale\ba-RU.ini	OBS-Studio-29.0.2-Full-Installer-x64.exe
File created	C:\Program Files\obs-studio\data\obs-plugins\obs-transitions\luma_wipes\wipes.json	OBS-Studio-29.0.2-Full-Installer-x64.exe
File created	C:\Program Files\obs-studio\data\obs-plugins\aja\locale\nl-NL.ini	OBS-Studio-29.0.2-Full-Installer-x64.exe
File created	C:\Program Files\obs-studio\data\obs-plugins\obs-vst\locale\ro-RO.ini	OBS-Studio-29.0.2-Full-Installer-x64.exe
File created	C:\Program Files\obs-studio\data\obs-plugins\win-mf\locale\hi-IN.ini	OBS-Studio-29.0.2-Full-Installer-x64.exe
File created	C:\Program Files\obs-studio\bin\64bit\obs-scripting.dll	OBS-Studio-29.0.2-Full-Installer-x64.exe
File created	C:\Program Files\obs-studio\data\libobs\premultiplied_alpha.effect	OBS-Studio-29.0.2-Full-Installer-x64.exe
File created	C:\Program Files\obs-studio\data\obs-plugins\obs-browser\locale\zh-CN.ini	OBS-Studio-29.0.2-Full-Installer-x64.exe
File created	C:\Program Files\obs-studio\data\obs-plugins\obs-qsv11\locale\ro-RO.ini	OBS-Studio-29.0.2-Full-Installer-x64.exe
File created	C:\Program Files\obs-studio\data\obs-plugins\obs-qsv11\locale\sl-SI.ini	OBS-Studio-29.0.2-Full-Installer-x64.exe
File created	C:\Program Files\obs-studio\data\obs-plugins\win-capture\locale\sr-CS.ini	OBS-Studio-29.0.2-Full-Installer-x64.exe
File created	C:\Program Files\obs-studio\data\obs-plugins\frontend-tools\locale\hi-IN.ini	OBS-Studio-29.0.2-Full-Installer-x64.exe
File created	C:\Program Files\obs-studio\data\obs-plugins\win-mf\locale\ar-SA.ini	OBS-Studio-29.0.2-Full-Installer-x64.exe
File created	C:\Program Files\obs-studio\data\obs-studio\themes\Acri\bot_hook.png	OBS-Studio-29.0.2-Full-Installer-x64.exe
File created	C:\Program Files\obs-studio\data\obs-studio\themes\Rachni\up_arrow.png	OBS-Studio-29.0.2-Full-Installer-x64.exe
File created	C:\Program Files\obs-studio\data\obs-plugins\obs-filters\locale\ro-RO.ini	OBS-Studio-29.0.2-Full-Installer-x64.exe
File created	C:\Program Files\obs-studio\data\obs-plugins\frontend-tools\scripts\clock-source\dial.png	OBS-Studio-29.0.2-Full-Installer-x64.exe
File created	C:\Program Files\obs-studio\data\libobs\default_rect.effect	OBS-Studio-29.0.2-Full-Installer-x64.exe
File created	C:\Program Files\obs-studio\data\obs-plugins\enc-amf\locale\bn-BD.ini	OBS-Studio-29.0.2-Full-Installer-x64.exe
File created	C:\Program Files\obs-studio\data\obs-plugins\obs-outputs\locale\tl-PH.ini	OBS-Studio-29.0.2-Full-Installer-x64.exe
File created	C:\Program Files\obs-studio\data\obs-plugins\obs-qsv11\locale\gd-GB.ini	OBS-Studio-29.0.2-Full-Installer-x64.exe
File created	C:\Program Files\obs-studio\data\obs-plugins\obs-transitions\luma_wipe_transition.effect	OBS-Studio-29.0.2-Full-Installer-x64.exe
File created	C:\Program Files\obs-studio\data\obs-plugins\aja\locale\uk-UA.ini	OBS-Studio-29.0.2-Full-Installer-x64.exe
File created	C:\Program Files\obs-studio\data\obs-plugins\obs-qsv11\locale\ar-SA.ini	OBS-Studio-29.0.2-Full-Installer-x64.exe
File created	C:\Program Files\obs-studio\data\obs-plugins\text-freetype2\locale\pt-PT.ini	OBS-Studio-29.0.2-Full-Installer-x64.exe
File created	C:\Program Files\obs-studio\data\obs-studio\locale\szl-PL.ini	OBS-Studio-29.0.2-Full-Installer-x64.exe
File created	C:\Program Files\obs-studio\data\obs-plugins\obs-ffmpeg\locale\vi-VN.ini	OBS-Studio-29.0.2-Full-Installer-x64.exe
File created	C:\Program Files\obs-studio\data\obs-plugins\obs-filters\LUTs\original.png	OBS-Studio-29.0.2-Full-Installer-x64.exe
File created	C:\Program Files\obs-studio\data\obs-plugins\obs-filters\locale\de-DE.ini	OBS-Studio-29.0.2-Full-Installer-x64.exe
File created	C:\Program Files\obs-studio\data\obs-plugins\aja-output-ui\locale\si-LK.ini	OBS-Studio-29.0.2-Full-Installer-x64.exe
File created	C:\Program Files\obs-studio\data\obs-plugins\obs-browser\locale\sk-SK.ini	OBS-Studio-29.0.2-Full-Installer-x64.exe
File created	C:\Program Files\obs-studio\data\obs-plugins\vlc-video\locale\ko-KR.ini	OBS-Studio-29.0.2-Full-Installer-x64.exe
File created	C:\Program Files\obs-studio\data\obs-plugins\image-source\locale\fa-IR.ini	OBS-Studio-29.0.2-Full-Installer-x64.exe
File created	C:\Program Files\obs-studio\data\obs-plugins\win-wasapi\locale\uk-UA.ini	OBS-Studio-29.0.2-Full-Installer-x64.exe
File created	C:\Program Files\obs-studio\data\obs-plugins\coreaudio-encoder\locale\fil-PH.ini	OBS-Studio-29.0.2-Full-Installer-x64.exe
File created	C:\Program Files\obs-studio\data\obs-plugins\frontend-tools\locale\eo-UY.ini	OBS-Studio-29.0.2-Full-Installer-x64.exe
File created	C:\Program Files\obs-studio\data\obs-plugins\obs-transitions\locale\et-EE.ini	OBS-Studio-29.0.2-Full-Installer-x64.exe
File created	C:\Program Files\obs-studio\data\obs-studio\locale\ta-IN.ini	OBS-Studio-29.0.2-Full-Installer-x64.exe
File created	C:\Program Files\obs-studio\data\obs-studio\locale\ru-RU.ini	OBS-Studio-29.0.2-Full-Installer-x64.exe
File created	C:\Program Files\obs-studio\data\obs-plugins\frontend-tools\locale\he-IL.ini	OBS-Studio-29.0.2-Full-Installer-x64.exe
File created	C:\Program Files\obs-studio\data\obs-plugins\obs-qsv11\locale\nl-NL.ini	OBS-Studio-29.0.2-Full-Installer-x64.exe
File created	C:\Program Files\obs-studio\data\obs-plugins\obs-text\locale\en-US.ini	OBS-Studio-29.0.2-Full-Installer-x64.exe
File created	C:\Program Files\obs-studio\data\obs-plugins\obs-transitions\luma_wipes\burst.png	OBS-Studio-29.0.2-Full-Installer-x64.exe
File created	C:\Program Files\obs-studio\data\obs-plugins\win-dshow\locale\ro-RO.ini	OBS-Studio-29.0.2-Full-Installer-x64.exe
File created	C:\Program Files\obs-studio\data\obs-plugins\obs-filters\locale\sr-CS.ini	OBS-Studio-29.0.2-Full-Installer-x64.exe
File created	C:\Program Files\obs-studio\data\obs-plugins\obs-text\locale\zh-TW.ini	OBS-Studio-29.0.2-Full-Installer-x64.exe
File created	C:\Program Files\obs-studio\data\obs-plugins\text-freetype2\locale\sk-SK.ini	OBS-Studio-29.0.2-Full-Installer-x64.exe
File created	C:\Program Files\obs-studio\data\obs-studio\locale\oc-FR.ini	OBS-Studio-29.0.2-Full-Installer-x64.exe
File created	C:\Program Files\obs-studio\data\obs-studio\themes\Dark\sources\windowaudio.svg	OBS-Studio-29.0.2-Full-Installer-x64.exe
File created	C:\Program Files\obs-studio\data\obs-plugins\image-source\locale\et-EE.ini	OBS-Studio-29.0.2-Full-Installer-x64.exe
File created	C:\Program Files\obs-studio\data\obs-plugins\obs-vst\locale\sr-SP.ini	OBS-Studio-29.0.2-Full-Installer-x64.exe
File created	C:\Program Files\obs-studio\data\obs-studio\locale\sv-SE.ini	OBS-Studio-29.0.2-Full-Installer-x64.exe
File created	C:\Program Files\obs-studio\data\obs-plugins\obs-browser-page\locale\ca-ES.ini	OBS-Studio-29.0.2-Full-Installer-x64.exe
File created	C:\Program Files\obs-studio\data\obs-plugins\obs-browser-page\locale\id-ID.ini	OBS-Studio-29.0.2-Full-Installer-x64.exe
File created	C:\Program Files\obs-studio\data\obs-plugins\win-capture\locale\ka-GE.ini	OBS-Studio-29.0.2-Full-Installer-x64.exe
File created	C:\Program Files\obs-studio\data\obs-plugins\frontend-tools\locale\fi-FI.ini	OBS-Studio-29.0.2-Full-Installer-x64.exe
File created	C:\Program Files\obs-studio\data\obs-plugins\win-dshow\obs-virtualcam-module32.dll	OBS-Studio-29.0.2-Full-Installer-x64.exe
File created	C:\Program Files\obs-studio\data\obs-studio\themes\Acri\checkbox_checked_focus.png	OBS-Studio-29.0.2-Full-Installer-x64.exe
File created	C:\Program Files\obs-studio\data\obs-plugins\obs-browser-page\locale\nn-NO.ini	OBS-Studio-29.0.2-Full-Installer-x64.exe
File created	C:\Program Files\obs-studio\data\obs-plugins\obs-browser-page\locale\pl-PL.ini	OBS-Studio-29.0.2-Full-Installer-x64.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings	firefox.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\OBS-Studio-29.0.2-Full-Installer-x64.exe:Zone.Identifier	firefox.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3344	OBS-Studio-29.0.2-Full-Installer-x64.exe
3344	OBS-Studio-29.0.2-Full-Installer-x64.exe
3344	OBS-Studio-29.0.2-Full-Installer-x64.exe
3344	OBS-Studio-29.0.2-Full-Installer-x64.exe
3344	OBS-Studio-29.0.2-Full-Installer-x64.exe
3344	OBS-Studio-29.0.2-Full-Installer-x64.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2044	firefox.exe
Token: SeDebugPrivilege	2044	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
2044	firefox.exe
2044	firefox.exe
2044	firefox.exe
2044	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
2044	firefox.exe
2044	firefox.exe
2044	firefox.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
2044	firefox.exe
2044	firefox.exe
2044	firefox.exe
2044	firefox.exe
2044	firefox.exe
2044	firefox.exe
2044	firefox.exe
3344	OBS-Studio-29.0.2-Full-Installer-x64.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1792 wrote to memory of 2072	1792	move-transition-installer.exe	84
PID 1792 wrote to memory of 2072	1792	move-transition-installer.exe	84
PID 1792 wrote to memory of 2072	1792	move-transition-installer.exe	84
PID 2896 wrote to memory of 2044	2896	firefox.exe	95
PID 2896 wrote to memory of 2044	2896	firefox.exe	95
PID 2896 wrote to memory of 2044	2896	firefox.exe	95
PID 2896 wrote to memory of 2044	2896	firefox.exe	95
PID 2896 wrote to memory of 2044	2896	firefox.exe	95
PID 2896 wrote to memory of 2044	2896	firefox.exe	95
PID 2896 wrote to memory of 2044	2896	firefox.exe	95
PID 2896 wrote to memory of 2044	2896	firefox.exe	95
PID 2896 wrote to memory of 2044	2896	firefox.exe	95
PID 2896 wrote to memory of 2044	2896	firefox.exe	95
PID 2896 wrote to memory of 2044	2896	firefox.exe	95
PID 2044 wrote to memory of 4628	2044	firefox.exe	96
PID 2044 wrote to memory of 4628	2044	firefox.exe	96
PID 2044 wrote to memory of 4864	2044	firefox.exe	97
PID 2044 wrote to memory of 4864	2044	firefox.exe	97
PID 2044 wrote to memory of 4864	2044	firefox.exe	97
PID 2044 wrote to memory of 4864	2044	firefox.exe	97
PID 2044 wrote to memory of 4864	2044	firefox.exe	97
PID 2044 wrote to memory of 4864	2044	firefox.exe	97
PID 2044 wrote to memory of 4864	2044	firefox.exe	97
PID 2044 wrote to memory of 4864	2044	firefox.exe	97
PID 2044 wrote to memory of 4864	2044	firefox.exe	97
PID 2044 wrote to memory of 4864	2044	firefox.exe	97
PID 2044 wrote to memory of 4864	2044	firefox.exe	97
PID 2044 wrote to memory of 4864	2044	firefox.exe	97
PID 2044 wrote to memory of 4864	2044	firefox.exe	97
PID 2044 wrote to memory of 4864	2044	firefox.exe	97
PID 2044 wrote to memory of 4864	2044	firefox.exe	97
PID 2044 wrote to memory of 4864	2044	firefox.exe	97
PID 2044 wrote to memory of 4864	2044	firefox.exe	97
PID 2044 wrote to memory of 4864	2044	firefox.exe	97
PID 2044 wrote to memory of 4864	2044	firefox.exe	97
PID 2044 wrote to memory of 4864	2044	firefox.exe	97
PID 2044 wrote to memory of 4864	2044	firefox.exe	97
PID 2044 wrote to memory of 4864	2044	firefox.exe	97
PID 2044 wrote to memory of 4864	2044	firefox.exe	97
PID 2044 wrote to memory of 4864	2044	firefox.exe	97
PID 2044 wrote to memory of 4864	2044	firefox.exe	97
PID 2044 wrote to memory of 4864	2044	firefox.exe	97
PID 2044 wrote to memory of 4864	2044	firefox.exe	97
PID 2044 wrote to memory of 4864	2044	firefox.exe	97
PID 2044 wrote to memory of 4864	2044	firefox.exe	97
PID 2044 wrote to memory of 4864	2044	firefox.exe	97
PID 2044 wrote to memory of 4864	2044	firefox.exe	97
PID 2044 wrote to memory of 4864	2044	firefox.exe	97
PID 2044 wrote to memory of 4864	2044	firefox.exe	97
PID 2044 wrote to memory of 4864	2044	firefox.exe	97
PID 2044 wrote to memory of 4864	2044	firefox.exe	97
PID 2044 wrote to memory of 4864	2044	firefox.exe	97
PID 2044 wrote to memory of 4864	2044	firefox.exe	97
PID 2044 wrote to memory of 4864	2044	firefox.exe	97
PID 2044 wrote to memory of 4864	2044	firefox.exe	97
PID 2044 wrote to memory of 4864	2044	firefox.exe	97
PID 2044 wrote to memory of 4864	2044	firefox.exe	97
PID 2044 wrote to memory of 4864	2044	firefox.exe	97
PID 2044 wrote to memory of 4864	2044	firefox.exe	97
PID 2044 wrote to memory of 4864	2044	firefox.exe	97
PID 2044 wrote to memory of 4864	2044	firefox.exe	97
PID 2044 wrote to memory of 4864	2044	firefox.exe	97
PID 2044 wrote to memory of 4864	2044	firefox.exe	97
PID 2044 wrote to memory of 4864	2044	firefox.exe	97

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\move-transition-installer.exe
"C:\Users\Admin\AppData\Local\Temp\move-transition-installer.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1792
- C:\Users\Admin\AppData\Local\Temp\is-S5MQ0.tmp\move-transition-installer.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-S5MQ0.tmp\move-transition-installer.tmp" /SL5="$A002E,1504526,747520,C:\Users\Admin\AppData\Local\Temp\move-transition-installer.exe"
  2⤵
  - Executes dropped EXE
  PID:2072

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2896
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2044
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2044.0.1701625569\1965674336" -parentBuildID 20221007134813 -prefsHandle 1880 -prefMapHandle 1872 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9459b62f-2101-4fd1-a571-abcf7aeb11ee} 2044 "\\.\pipe\gecko-crash-server-pipe.2044" 1956 212b4cc9e58 gpu
    3⤵
    PID:4628
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2044.1.380325611\1828654773" -parentBuildID 20221007134813 -prefsHandle 2324 -prefMapHandle 2320 -prefsLen 20926 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d1f145c5-df17-4be6-9f6b-91ff5c5fa9f0} 2044 "\\.\pipe\gecko-crash-server-pipe.2044" 2336 212a7d72858 socket
    3⤵
    PID:4864
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2044.2.1229547972\571762323" -childID 1 -isForBrowser -prefsHandle 3168 -prefMapHandle 3164 -prefsLen 21074 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e8889e4-8fa9-43b9-8d29-363d4781689c} 2044 "\\.\pipe\gecko-crash-server-pipe.2044" 3176 212b88f1e58 tab
    3⤵
    PID:820
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2044.3.183538337\215892498" -childID 2 -isForBrowser -prefsHandle 2380 -prefMapHandle 920 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b6a643d5-b20f-4f98-8f38-e080d8844068} 2044 "\\.\pipe\gecko-crash-server-pipe.2044" 2480 212a7d63858 tab
    3⤵
    PID:400
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2044.4.1980373474\1620125416" -childID 3 -isForBrowser -prefsHandle 3980 -prefMapHandle 3976 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {484573bb-5278-4cc3-9204-7fd52a9b08cb} 2044 "\\.\pipe\gecko-crash-server-pipe.2044" 3992 212b9baf858 tab
    3⤵
    PID:3400
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2044.5.1057439601\903577747" -childID 4 -isForBrowser -prefsHandle 5076 -prefMapHandle 5072 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0b51c817-4ef0-4fb0-bb76-ff63bac73b39} 2044 "\\.\pipe\gecko-crash-server-pipe.2044" 5084 212a7d30258 tab
    3⤵
    PID:4224
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2044.6.1861029029\501996863" -childID 5 -isForBrowser -prefsHandle 5136 -prefMapHandle 5140 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {975505f5-5ae4-458d-9d9a-0423d152ad70} 2044 "\\.\pipe\gecko-crash-server-pipe.2044" 5124 212bb1c1058 tab
    3⤵
    PID:2488
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2044.7.623816741\344735457" -childID 6 -isForBrowser -prefsHandle 5328 -prefMapHandle 5332 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {04763c4f-78ee-4362-9126-a774149c4336} 2044 "\\.\pipe\gecko-crash-server-pipe.2044" 5412 212bb1c0158 tab
    3⤵
    PID:1076
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2044.8.1134776590\1514647494" -childID 7 -isForBrowser -prefsHandle 5800 -prefMapHandle 5796 -prefsLen 26913 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ce5d7ccd-686f-4133-b853-c38537b40f8b} 2044 "\\.\pipe\gecko-crash-server-pipe.2044" 5780 212a7d70a58 tab
    3⤵
    PID:4440
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2044.9.1799221934\803844697" -childID 8 -isForBrowser -prefsHandle 6044 -prefMapHandle 5804 -prefsLen 26930 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6b64cc23-d906-4071-b2e9-b7115126d0ea} 2044 "\\.\pipe\gecko-crash-server-pipe.2044" 4796 212bcf28558 tab
    3⤵
    PID:1164
- - C:\Users\Admin\Downloads\OBS-Studio-29.0.2-Full-Installer-x64.exe
    "C:\Users\Admin\Downloads\OBS-Studio-29.0.2-Full-Installer-x64.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:3344

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\activity-stream.discovery_stream.json.tmp

Filesize
149KB

MD5
0b09685bc7d8fa35d92ad78ae11ca7d0

SHA1
53c3553fda5254940059dd9ebfc8a3476aa00f2c

SHA256
6ad665a4c7209fc2e24de9883ee9cb596c2454c8ef12b9709b34c75cb063249d

SHA512
ca7b7ea42bdc972aa66f96b909c5ae7e244f122a060d59b15fa8d933283de5287a7baef94551d3ae599a746bec3167b35ce232050adfbe6227cf25de09d97c32

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\cache2\entries\D5594A2648EECD01993B5C42919BA64ADBF56052

Filesize
14KB

MD5
e89470dcee506b304b0bd1911104b543

SHA1
cccd704d8e1ccd680194265894b7620ff4111d5f

SHA256
1225270bcd4906506dc08b18d7b885c17d73b2436a52dca723699e6fa4012ee3

SHA512
43a9391b6f55289a7e14db7063c3b8d33465b81bb148d42109dba9e9831bb916d2ae0930892bb70b6a1d3c40a49c12693a7687c2d3fa802b4d6b0d11a4c0e430

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\cache2\entries\F8CBD54DDA10F4286A41EC6A537240712D6C2308

Filesize
9KB

MD5
6c9b80a526b6a9d526bc3811220d2271

SHA1
79c54ea8749cbc20a53a1a106bcd0bce6eca6b0c

SHA256
68abc428f6e05ec1f3b55523bd70b116317a3889270ad9a426a472a549cf3190

SHA512
fd2dca4ef04e85746089e379605122637678018c1dba52e0bc433ce612a4643051adf2a4556c14dc55d70801b5810671bbbf8325b73accfc1b58309001a246de

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-S5MQ0.tmp\move-transition-installer.tmp

Filesize
2.4MB

MD5
c6859a17dce8c56f0f7bdf7756090641

SHA1
43d69bcc17382cbe4ace1e3e5fedac51c0d96322

SHA256
ee30adc3c36140e6eb168c3b92721e9b7628a581a772150df03d0cab5cb7ff0d

SHA512
db4c713578a670435dfc8779bafc2813efec40c47efffe3c8a813ed8019f27304025345ca92f5c94f8ddbc288725bde3ace718e33eec8cd238be57195e1bf7eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmCBAE.tmp\InstallOptions.dll

Filesize
15KB

MD5
0a9fb96a7579b685ec36b17fc354e6a3

SHA1
355754104dd47d5fcf8918dee0dc2e2ee53390a6

SHA256
b34fb342f21d690aac024b6f48a597e78d15791ef480ac55159cd585d0f64af7

SHA512
67870206fa7f1e7df45c8c1bc2f51fb430f0a048a2bdb55a4a41525388ca3b50203784537f139169705a03db4bb13b591162a79a5d2df81a4d11fd849615c86b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmCBAE.tmp\InstallOptions.dll

Filesize
15KB

MD5
0a9fb96a7579b685ec36b17fc354e6a3

SHA1
355754104dd47d5fcf8918dee0dc2e2ee53390a6

SHA256
b34fb342f21d690aac024b6f48a597e78d15791ef480ac55159cd585d0f64af7

SHA512
67870206fa7f1e7df45c8c1bc2f51fb430f0a048a2bdb55a4a41525388ca3b50203784537f139169705a03db4bb13b591162a79a5d2df81a4d11fd849615c86b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmCBAE.tmp\InstallOptions.dll

Filesize
15KB

MD5
0a9fb96a7579b685ec36b17fc354e6a3

SHA1
355754104dd47d5fcf8918dee0dc2e2ee53390a6

SHA256
b34fb342f21d690aac024b6f48a597e78d15791ef480ac55159cd585d0f64af7

SHA512
67870206fa7f1e7df45c8c1bc2f51fb430f0a048a2bdb55a4a41525388ca3b50203784537f139169705a03db4bb13b591162a79a5d2df81a4d11fd849615c86b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmCBAE.tmp\OBSInstallerUtils.dll

Filesize
426KB

MD5
e1f825260e7224ef0526514754f7d0e8

SHA1
553d67289b039ffea5d8b59f509b9265dca2ba19

SHA256
1d84aa191fbbd842d5eeed302195579de1256a9acb980308bf31a631ac01e530

SHA512
b9453eb4ae6edbfd86e438ed0825725ab91100b8403a933bb0e359703be462f6d3d37f8bfb32eeae375a46512c619370f9802925ae0d8898f540f933b05b281f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmCBAE.tmp\OBSInstallerUtils.dll

Filesize
426KB

MD5
e1f825260e7224ef0526514754f7d0e8

SHA1
553d67289b039ffea5d8b59f509b9265dca2ba19

SHA256
1d84aa191fbbd842d5eeed302195579de1256a9acb980308bf31a631ac01e530

SHA512
b9453eb4ae6edbfd86e438ed0825725ab91100b8403a933bb0e359703be462f6d3d37f8bfb32eeae375a46512c619370f9802925ae0d8898f540f933b05b281f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmCBAE.tmp\System.dll

Filesize
12KB

MD5
564bb0373067e1785cba7e4c24aab4bf

SHA1
7c9416a01d821b10b2eef97b80899d24014d6fc1

SHA256
7a9ddee34562cd3703f1502b5c70e99cd5bba15de2b6845a3555033d7f6cb2a5

SHA512
22c61a323cb9293d7ec5c7e7e60674d0e2f7b29d55be25eb3c128ea2cd7440a1400cee17c43896b996278007c0d247f331a9b8964e3a40a0eb1404a9596c4472

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmCBAE.tmp\ioSpecial.ini

Filesize
1KB

MD5
20d048996a1095ae291f131344fa2794

SHA1
3f219e7518091e7e95847b0cbf582c14c3cbdd19

SHA256
455a88b6667cef79590dfadafe31d0034546653d17ecebe813b601e2b12343bc

SHA512
18704d2988a7a95257bb948565eb006ce251fd839338d7862ae10b8146d83cbcc184de7ce9c31c0fa9e9dd310f2938b570e6de37bba1b8f3651068fb833a2bbb

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmCBAE.tmp\ioSpecial.ini

Filesize
1KB

MD5
20d048996a1095ae291f131344fa2794

SHA1
3f219e7518091e7e95847b0cbf582c14c3cbdd19

SHA256
455a88b6667cef79590dfadafe31d0034546653d17ecebe813b601e2b12343bc

SHA512
18704d2988a7a95257bb948565eb006ce251fd839338d7862ae10b8146d83cbcc184de7ce9c31c0fa9e9dd310f2938b570e6de37bba1b8f3651068fb833a2bbb

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs-1.js

Filesize
6KB

MD5
2460bc10caa4ec8e7cc87864690651f7

SHA1
221c674ac12114627b48d45153ed77b7716d7a84

SHA256
30ecc25e6334339b8dfe8083d674813319d6a5ea8198324517d478280d6755ae

SHA512
cb33414cdebf83993999116395248174ba68f34e5cc53e6313b9fbf180ed048f78aef69973286ae8150e0b23e5c7af0fde4c6a8603e4b3bf662431ae558fe951

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs-1.js

Filesize
7KB

MD5
a340da8d558ff06db4cd2438c3713aba

SHA1
055dfa39242e83f1f22e07537ded98736abeea37

SHA256
db23e593cf6b69557b9921ab99a7605388167868faaa96ecfee0765cd82af02b

SHA512
94055d5b42fbf1365771dce695190275832f6a7301aa24a478bb04562af92a0ece2ae5b4d020068ab9b881242662e93cfea2c8238d1efd7a9a94d0afadecfbb5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs-1.js

Filesize
7KB

MD5
5b2217b051533172c9b1c171cf5121f4

SHA1
e37705d642a1fa6abd36e932feda740cc72adfd1

SHA256
9db4ef616f762d992bf380785c7af51effeef3f70b41e294698390916fc272b4

SHA512
6006e6964f015d40c31238c7004b8b46d980400681d65aeb4e9fdb72c9732ae53557b11f49f1c4c6afa4ffb4b0f506bacb76474357b0a763b690a60359a1c4f7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs-1.js

Filesize
8KB

MD5
cd2ba9c67a647ebd45a6225398739dab

SHA1
7a8b24eb99c631c9d9f6c0496612e28aa5f5ed05

SHA256
c2cbda368faeba17fe96496fe40a02d57db4a8d51c998a1c8b6fdaa2a6bed55a

SHA512
804470ff0e3ce2259150dbe25d5d9e3f0d81e8c4cdabf0d1015e950b8b24377c088eae31eab20583acf0bb14a28fac982033f3f6948f43bb8b79b9ed93dcda0d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs-1.js

Filesize
6KB

MD5
dd3c339f00c90b6b637e4de28b9665a3

SHA1
b4752f2cff4f0fdea94855c8298e4235469dbc1d

SHA256
c1d136c8a25826337f27fda71e8583d22007c034bb63c37fabd1840fbc38ed91

SHA512
87d15fc84ffda0289787f17c448dfba1fe6a2fbe312de972e982cdd35cff8c57bb9714ee855db912be3f754a4d7cd3d33c9733048b04149bf001c270040899df

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs-1.js

Filesize
6KB

MD5
2d094e1204007c84ed5b6d0baa29a227

SHA1
f5113f5bc6762dccc8124382e45a0e1b0bb8df76

SHA256
1771ea9a3bd58df55154626564819d2bc4f78dc60741fa19dd54abe3aed6941b

SHA512
5398d105921809d13c4c2f99613f1bed4e7e953259a142325d867de7bd4fd0f25edf46150d568c05ce853ae7d90a3d818eaa9163b096c3e7f9c6692115ea7c14

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs.js

Filesize
6KB

MD5
f73e52d124620d05267ba934f3b312d3

SHA1
34121aa291d9f88b3e8e3a2fa37cb1c06cac2d30

SHA256
fc898a91ae8ce9d241c586f5dee2e60450dcdc5a31f1a7015d6dc2f4fefe4ac7

SHA512
4ef67626a2ba584817d707c71ddf7e7ce75a780921c3fcdfa8a03de0de9303c4b548ce3c3b493f1c4876d511271978bcd3cdbc2d1003b23c2459847180045d46

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
4f324c9896e9cb483c84aad3ac464642

SHA1
391e79d9dfe9a5274ed37e3a16b480c6d53bcf29

SHA256
556ec35348d740305b861194349f868e94ef66f97fc0f5ad919a8bfab5e0288e

SHA512
e3260445194215e0cbbaaa9f802b90ef66b38054a90b3146cb9ae52423064ea68076a8b3d3822b0b042c014515d864f8950cecf736f81142f76e53720f56e7a3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
b3df7c0b25ad75ed6992291599067405

SHA1
ac0f1597fb528c3eca3c9869bc5be820e9235bf9

SHA256
b9c6f054e32ff9fadae772f16ae7cefac38e7f92427c781ef9875d7752275c0a

SHA512
b09892db461cf3c6d07b4c5c3ab596e2cdfb571b0b0a5e64ae163a68b6e01946437c3f04486c1db714a8c76c892beee127bd0569de8ca81990f0570a4969a3c0

Download Submit
C:\Users\Admin\Downloads\OBS-Studio-29.0.2-Full-Installer-x64.exe

Filesize
116.7MB

MD5
6f68c0a7e56797f1d77bc3ff19170968

SHA1
235913e20777fc532cdab6cafcca482e59cf1b9b

SHA256
428f5ef6b5938cbdfb7dc18f53a72a11803014644288765ff0916208537877ac

SHA512
48d26ec5b114b48ed33d175996d52f2aa1fd078ec7e65efe5bead2866d26e8c43871c4adee4dab6443aba8b14639d9864d1a7d2f92603a7ca68dba61b3912efd

Download Submit
C:\Users\Admin\Downloads\OBS-Studio-29.0.2-Full-Installer-x64.exe

Filesize
116.7MB

MD5
6f68c0a7e56797f1d77bc3ff19170968

SHA1
235913e20777fc532cdab6cafcca482e59cf1b9b

SHA256
428f5ef6b5938cbdfb7dc18f53a72a11803014644288765ff0916208537877ac

SHA512
48d26ec5b114b48ed33d175996d52f2aa1fd078ec7e65efe5bead2866d26e8c43871c4adee4dab6443aba8b14639d9864d1a7d2f92603a7ca68dba61b3912efd

Download Submit
C:\Users\Admin\Downloads\OBS-Studio-29.0.2-Full-Installer-x64.exe

Filesize
116.7MB

MD5
6f68c0a7e56797f1d77bc3ff19170968

SHA1
235913e20777fc532cdab6cafcca482e59cf1b9b

SHA256
428f5ef6b5938cbdfb7dc18f53a72a11803014644288765ff0916208537877ac

SHA512
48d26ec5b114b48ed33d175996d52f2aa1fd078ec7e65efe5bead2866d26e8c43871c4adee4dab6443aba8b14639d9864d1a7d2f92603a7ca68dba61b3912efd

Download Submit
memory/1792-140-0x0000000000400000-0x00000000004C4000-memory.dmp

Filesize
784KB

Download
memory/1792-133-0x0000000000400000-0x00000000004C4000-memory.dmp

Filesize
784KB

Download
memory/1792-150-0x0000000000400000-0x00000000004C4000-memory.dmp

Filesize
784KB

Download
memory/2072-142-0x0000000002620000-0x0000000002621000-memory.dmp

Filesize
4KB

Download
memory/2072-141-0x0000000000400000-0x000000000067F000-memory.dmp

Filesize
2.5MB

Download
memory/2072-148-0x0000000000400000-0x000000000067F000-memory.dmp

Filesize
2.5MB

Download
memory/2072-146-0x0000000000400000-0x000000000067F000-memory.dmp

Filesize
2.5MB

Download
memory/2072-139-0x0000000002620000-0x0000000002621000-memory.dmp

Filesize
4KB

Download