Analysis

  • max time kernel
    56s
  • max time network
    70s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240221-en
  • resource tags

    arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    22/02/2024, 21:46

Errors

Reason
Machine shutdown

General

  • Target

    vlc-3.0.20-win64.exe

  • Size

    42.4MB

  • MD5

    3d63e3a94c39a18f4da866b896b41e80

  • SHA1

    c9520268936bfa6d060c8603cdee753db214d0ce

  • SHA256

    d8055b6643651ca5b9ad58c438692a481483657f3f31624cdfa68b92e8394a57

  • SHA512

    9dfcdeca8fbfb655d3a4a8d0297fdc7f4c34a46c1b4238436d6e51e8621cbcd866ebfbd2a738a50dccdcf18d162b213b086a5e2a720205751ae07147e800838a

  • SSDEEP

    786432:3ESqSGUR5EpRsHXEiGxu9XjXlQGPmVaiTZiq+gB18wgMu232zhkYwWmA9d:0k1eqX6ucRX+C1xgMu232zhkYjD7

Malware Config

Signatures

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Drops file in Program Files directory 64 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 64 IoCs
  • Registers COM server for autorun 1 TTPs 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies data under HKEY_USERS 15 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe
    "C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe"
    1⤵
    • Drops file in Program Files directory
    • Loads dropped DLL
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2272
    • C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe
      "C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe" C:\Program Files\VideoLAN\VLC\plugins
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:4696
    • C:\Windows\SysWOW64\regsvr32.exe
      "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\VideoLAN\VLC\axvlc.dll"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1972
      • C:\Windows\system32\regsvr32.exe
        /s "C:\Program Files\VideoLAN\VLC\axvlc.dll"
        3⤵
        • Registers COM server for autorun
        • Modifies registry class
        PID:2044
  • C:\Windows\system32\LogonUI.exe
    "LogonUI.exe" /flags:0x4 /state0:0xa3a14855 /state1:0x41c64e6d
    1⤵
    • Modifies data under HKEY_USERS
    • Suspicious use of SetWindowsHookEx
    PID:1148

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Program Files\VideoLAN\VLC\libvlc.dll

          Filesize

          186KB

          MD5

          12301645d2d72c0f480f2a6a65bc706e

          SHA1

          d9350fdedc5c3c311cea7f5087cecf24c1793ba4

          SHA256

          a2625d21b2cbca52ae5a9799e375529c715dba797a5646adf62f1c0289dbfb68

          SHA512

          fc856a3badd2479d2e30cb77b97d46db60946e2b15cd90425f85ebd877c67ab4752035b7c6f969f8188ef6a7206d2199ac11fb6c2746a758e2a7f640fe73a700

        • C:\Program Files\VideoLAN\VLC\libvlccore.dll

          Filesize

          1.8MB

          MD5

          422b9f60d82728f281b3cad86697af19

          SHA1

          f84a56e2559bf5385e5d87e8b3778154e55eb1f3

          SHA256

          d10294e490e96130f046167fcbb393baf6b7e1ab5dea22441b8374d5569fbb7b

          SHA512

          170673ed896b0d00a61a854ab1e4c0328084d320e4aa87285b94de5e7f039d4f8a3b09815be059191785e8fafa8f63913089ed1d572dcd4e16c6e9b6735a7090

        • C:\Program Files\VideoLAN\VLC\libvlccore.dll

          Filesize

          2.0MB

          MD5

          4d07eada4b3fd38068352e23f65bdd24

          SHA1

          860451d0615ad3125599fb2060ddb73a00a8de66

          SHA256

          1502946879e7d909c1909b64f5de925c4c4d09610302f8b8eef1586daf8602db

          SHA512

          14d6511a070c9b217f7605291d28339872a9732dbdfc1386823faa94aed277ce4341e69a31b21cd27ebf83596bab731eaf60bb113068095ea2896b681475f3de

        • C:\Program Files\VideoLAN\VLC\locale\el\LC_MESSAGES\vlc.mo

          Filesize

          831KB

          MD5

          bbe76d1ac5f20a0bf6ba7cdb3624b1e2

          SHA1

          c78ae9b700ba77e8f69a1bd8c17656f843f4e551

          SHA256

          25bf0fe95a0e02257958699d9e7ee99984c17d5b027b5d10f4246932abc5defb

          SHA512

          85786fdde4b693eb8bebb1c52706b0ad11bcc0279742321d08e158cf98dcf789659592e0335fae0c9b8ba529884d8d9c7e7e4a6cde6979d590700cd4cc5cc1fd

        • C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_concat_plugin.dll

          Filesize

          42KB

          MD5

          399c70d81ee56fee27778f5df76bcffb

          SHA1

          61a55e01280e7de7d0d01490f5cee31eaa607db0

          SHA256

          8b6a92c5e127c876f273b52b05c8325d45832e1ba0be6e3ed160135287908a1c

          SHA512

          50d4c01fdff9d7ec138e409cef9293bec1257f3f93a45835d254e888f1daf5438f4ca37e2c18c46668b35dbd04d9bfa960a69bfe9a843a0085114c999e30c41f

        • C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_imem_plugin.dll

          Filesize

          71KB

          MD5

          0e15e4a2a2c4ca6596fadba8fd698886

          SHA1

          b4400814c9e6b8b4d81444de1d6582ee29543b84

          SHA256

          05d894562b569132df7ce2f285bcf3bc008b0d112f1f5acceef210e4ea3096b4

          SHA512

          4def562b67fb37a16c1f7ef725ebf8ab5b0cc91f3a9fd78e061b8031e67baf3d34b51e6b82c9e717a1699b8642c94a3994021cd06e2430605eed17674cbca369

        • C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_mms_plugin.dll

          Filesize

          105KB

          MD5

          e71c982fe2454d646e7b648e32164b9b

          SHA1

          6d0a9bd50732f029bd54aa226c873d33b9e99864

          SHA256

          bf5c5862e72ee510b31f4b2fa12d3515c21f3b5da8f0b0d6378bbd051673ff14

          SHA512

          8061381c96173d95ef83067ff61283aca982d22ed87838e349caa8481b63a20c3cfc4b7ce7ed008a8d95faf1dea693f28daa7633bc05b02b6f05fc73eb3322c9

        • C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_realrtsp_plugin.dll

          Filesize

          146KB

          MD5

          ede792db2e18a21b797ef5fed54b8c4b

          SHA1

          4000bb059d1da7ad794edba3a4214913c12ce9bf

          SHA256

          482eb8d973a09ced4ad2a2373026d7757a708057977a5a131f875cb5962e1f9b

          SHA512

          503d879df0c1bffb530482f4c0f84ce30947b513ae49a24d01611839205d4177450fe4d5a73d0cd37cd2c4a09f10a2fab983827d0ebe626b1d45c3d83d0ddf89

        • C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_srt_plugin.dll

          Filesize

          3.2MB

          MD5

          5b85e3d2d30a5a60e77d666fb681b212

          SHA1

          57fc2573f2d79de0f6fe89dd31a4444da3032899

          SHA256

          4b76cd9afb908930e587fac23f217d59901b10ea5ba47438c4d658854e43a50f

          SHA512

          9e2f02e1a769132bd8f40724ad98fb1412854eea603bb8f3ce08ce21333f5fa7968bddd6b8385a419822038f4b7e6daedcd8e2bfa320fb2cd39d118a3e0197b1

        • C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_srt_plugin.dll

          Filesize

          3.5MB

          MD5

          bfa542e8b5dfa944f75ac905561a1bf7

          SHA1

          474376f5ceaddae1968fd5346523eacff78198d4

          SHA256

          83b4eee89f2c981949636e39fe8f43ea5d836d84e4d75e054c84c178f393237e

          SHA512

          ff35a61814753c5ebd8fc06c3fede0de01cb7e5e9f267445667d27af4e038409a1d45efa7b414bc54587b9432df6f38978ebe61a180997da94349b8d24cf3255

        • C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_wasapi_plugin.dll

          Filesize

          58KB

          MD5

          5b0bc2238c0841d3e145e65c063ea4ec

          SHA1

          6c2e3a411aff78de463adff3c82ea2caaafeb050

          SHA256

          5d9f494558998cd8b4f1177a4833ba5608c36186ce8ca68b58bea24ae20f8fcf

          SHA512

          55f4abf59138aab5594079c4a679cc8d959c8b86b59c4a39dc469d038ca43a916b02599b974be99e14e8686df0938e7805759f8d56354c86676f81e9659b5995

        • C:\Program Files\VideoLAN\VLC\plugins\access\libattachment_plugin.dll

          Filesize

          40KB

          MD5

          5976f65a561c9a2aeadb7cfd50573d9c

          SHA1

          a21a4127d7d59b2bcb85011180abb4cc3d911017

          SHA256

          1bc95320136876ae16af46ec405b494d0578da12f5103cf191f20fd1a5afa546

          SHA512

          e32aa769eb252ec4ac81d6fbf93e61618de7a128172291c561c2959ac70996af26e4e46c20feea109a3201f6a334d2e79081b20e126e54fe843303ab6fe56c93

        • C:\Program Files\VideoLAN\VLC\plugins\access\libcdda_plugin.dll

          Filesize

          807KB

          MD5

          52fa49105a67f737c9792d776833360a

          SHA1

          20716a639445219812f2725f0e8a9ddb9bf7b489

          SHA256

          6746a6b131b4338fdbd03f9d63683ff3442e0b11b9e1691b2c0a6676a804770a

          SHA512

          fd08397a932b4bad1a3b03238f0712a2e08ea8635a7babba35a33ce22fb37639da7d9e078fbe29d36c2a30157bafdded1a6cb3c45b943b41f8db8b3b4efdce53

        • C:\Program Files\VideoLAN\VLC\plugins\access\libdcp_plugin.dll

          Filesize

          960KB

          MD5

          356328d51a432bec8270192aeb5874b1

          SHA1

          2c088a0d80c85f9861216b3e5f8038529395cbf7

          SHA256

          6f86c4d2912df1072cca6b94e632d943f846cff9673e13602eaaa37f13ccd26f

          SHA512

          3a30b645b823fe01d85404c6cfbe6797f694d972264542c4c00e7049318747eb92ffef8d1ea5d3b6c005b29d0766c11243953589ee39227a954cfe2d658349c3

        • C:\Program Files\VideoLAN\VLC\plugins\access\libdcp_plugin.dll

          Filesize

          832KB

          MD5

          3cb75d7ef1c7132a7229e82ff89413b1

          SHA1

          cd4051339854698c6e3e56861c8886d12f914880

          SHA256

          3fa7001d41076cb635b5e0893322c5e9a2ef94014cce5777ce587b529ad301fc

          SHA512

          5c66dbf454b377b513a3675ab91a4c10012598d21767c0a20fbe68905a10831f3a334a7917b487e3bf83a816c2702b4a6a12458879283067ba94bcc8c675bc21

        • C:\Program Files\VideoLAN\VLC\plugins\access\libdshow_plugin.dll

          Filesize

          901KB

          MD5

          89b1863e07d391f2dc853964fe469740

          SHA1

          1b88c42217b897b76473831c8416f561eb29616b

          SHA256

          c3f32722bc908cbe219dd9de296c5d457be91534518d361fa03a76d69ecbfc8f

          SHA512

          4bfe7899fb7ce7efd5c493476fdeaa0a291dd5ced127180dab2e39e1b0fd003090b5ac65f3f6a08cef25a8fd1ba09cd5f20b6f5840a058d327a3b8ed1d2bc04a

        • C:\Program Files\VideoLAN\VLC\plugins\access\libdtv_plugin.dll

          Filesize

          883KB

          MD5

          a137f71c6dde9f60cfca58f280feead8

          SHA1

          f298d0231a4aeed11b21a9b14c4fe20e9db4714d

          SHA256

          6851a0bc1a53d80f5007757c2421a0e317a8b0c79a6ef3dad8c078db9b6d6fb4

          SHA512

          d37c16e9fce24a893d1c2d9c50a8972ae016e4fefe620db8d867e2b6f405cbc501868c88c914e77fbac03ded58bdda8f21296d10210327abeb64d377c3c6a63c

        • C:\Program Files\VideoLAN\VLC\plugins\access\libdvdnav_plugin.dll

          Filesize

          227KB

          MD5

          05d7bf0cc8a26a2c7c178f28451df600

          SHA1

          a2b451be4f9b4250454d64b268f2f2bc25e87505

          SHA256

          4906cec55a66ef53a3e4dd1d09b244fcecc02ba37d2f017b6f44904f1d8bce06

          SHA512

          09c4f774b3a66d96c84c700832f54073d997fb585f65ef907aeac5f8c7f07d03c62adb6ef8c6fa6aee202a6b06ba96fcdc79dbb9a4b495bb96f0c46bb15d968a

        • C:\Program Files\VideoLAN\VLC\plugins\access\libdvdread_plugin.dll

          Filesize

          161KB

          MD5

          3b513f5ed9c2607966b095c28050f958

          SHA1

          32f62ddee0c95c12fd96f289735934c45718594e

          SHA256

          54e1fe5c3a562a7c71a853e63aa355430eb1ba28bad6e7b9097c02b338e9968c

          SHA512

          e25bf53c5d80f10c474c1316000eede07b713ec256adab7b6c946b58b68cbc1afc16f49e0df88f4a3e105ab1e77ef1e7303e087bca0a79a3b9713d1b39fbbe9a

        • C:\Program Files\VideoLAN\VLC\plugins\access\libfilesystem_plugin.dll

          Filesize

          69KB

          MD5

          cbc1d8fce47dc898a8bbe923d4046b4a

          SHA1

          c55166e5a7d3068eef9305b1fd28ecce8cfe2832

          SHA256

          d9e21fb0b03be335444435ae2af68d52c92347642c41d52b44924a0787ad5190

          SHA512

          9916595ec21b6365224382beb3de88747baff4ed5d6ccd1287a8c0ea9b5c9d4fa01cffd9aabdd5ac2c4fb1b5013e99464a366247bf1fd10e138a7c4fe9432711

        • C:\Program Files\VideoLAN\VLC\plugins\access\libftp_plugin.dll

          Filesize

          124KB

          MD5

          aa43cee76c4387d710849f4338fe52b2

          SHA1

          d500c6dfb921486054db380408128d47ec7f5957

          SHA256

          5499574b67f736506f8733d029995cd769870ad03b7a3f3e7686c01223e9ad7a

          SHA512

          5554c621e6acbab6d521a739f69250fe06b178a396764c66e311561636bca02ed90713165902ca3f9afbd09dfc6a95377b9dd833df5deeefcdd8b86d47fced56

        • C:\Program Files\VideoLAN\VLC\plugins\access\libhttp_plugin.dll

          Filesize

          74KB

          MD5

          36f73931514be53e12378860904aaeb1

          SHA1

          28496b852c3364e5b4c60830061594ebf5ce64e7

          SHA256

          f2016e1af95a85224614dec09bf0a8a8e87b37a75011ca9eb32c5bc04f6e6656

          SHA512

          38fc5febb9b21fae59072d8f04afed9226bcc9e5ab44e5fa1d00fdefe1caf7411edcb21a02a6f02d051b4acb43d5a7d18a3ad72b99b39d50a81abd19ca38a9f6

        • C:\Program Files\VideoLAN\VLC\plugins\access\libhttps_plugin.dll

          Filesize

          151KB

          MD5

          ce0d3532d91dd667377fa932c062bb35

          SHA1

          0b547f9a285069b4b48e73bb418528f80f8b1724

          SHA256

          e26ba30591b78d5399fdd9effb4e8d0d336aec20041567067488fb9b41a4a7ed

          SHA512

          235bcec66c66998e79fc93ce49b56f09a8a825e6f0e107dc5478238b0d5badae850d0f47daa912ffc2f151a3a47c25a5ff6475c82460bdfe04348bd6c3f809f6

        • C:\Program Files\VideoLAN\VLC\plugins\access\libidummy_plugin.dll

          Filesize

          40KB

          MD5

          ff5957e544f7d9997e79e4ba692b9e58

          SHA1

          94b3f29a89134132e810abb0a01696eb4cbfd73c

          SHA256

          fb1dbdad5f819b76e84192339148c5aa8bc752cc9753e4b844fcb488cd0801c6

          SHA512

          0c4f2b158e330e7a28a20f0058441595fbf6dfd0f4f15e6d61ec7180871a19227cc10eb3527acb61b461f221e39636a5d5ffaa8e85c08856a662bdec40943bb7

        • C:\Program Files\VideoLAN\VLC\plugins\access\libimem_plugin.dll

          Filesize

          40KB

          MD5

          8a8f11237d8e83de67315c078b28a933

          SHA1

          e06e375085b095a220e28c36edc540d75b79e662

          SHA256

          6b9a9fc8c264fb20d5c72db986333c3b4feb8eb05fcb0f882d28b62e0d1d5704

          SHA512

          8977391909c76ab809279d63f5e43693d2d484b66d172948d98dd13400f70457a381cc87fdea2e130e94a6b2ce3f3120c818bca464b287cfc5f684bce95b4568

        • C:\Program Files\VideoLAN\VLC\plugins\access\liblibbluray_plugin.dll

          Filesize

          2.0MB

          MD5

          ea641eb5252463c47b32a24c93efb276

          SHA1

          c87acc08829b73d47ba21de10ca9726ce8183719

          SHA256

          de24358cbb0fc4251a7ff01b8620f5d5c466046d640fafa373df5bc16ab2973d

          SHA512

          f693d24c26bda8b2b4d99f752b0e2f0c58c42e22c80dd805742da2bc39492a79f9786b8c1703fff761c8f48dd13e9408780d61de8517d3f2f6d490122d93780d

        • C:\Program Files\VideoLAN\VLC\plugins\access\liblibbluray_plugin.dll

          Filesize

          768KB

          MD5

          2bf10932fb3395618f24e9a77ed3eab9

          SHA1

          f4c3961c3da897a326adb83a93c72cfc7cd01e26

          SHA256

          175fec4d16176d390fc47efdf102615f53aa5177b35759dade2f3951d9b3219b

          SHA512

          0d042f2b57bc686ba10286942a912631985930040c716e4c997e95edc64f997379fd9520b3dc3a06953500aebe64ace8e3fddcdb713858388b8be5599d27873a

        • C:\Program Files\VideoLAN\VLC\plugins\access\liblive555_plugin.dll

          Filesize

          582KB

          MD5

          4c91717bb495f3db359100199a8ea488

          SHA1

          fccd48ef3e337ca9ca48a3fe701fdcd72579564e

          SHA256

          794250381d0486cd3bc181b6f7cc9464969e97debbb7b7c93ea1618927279a2b

          SHA512

          2e18d9e99c89fc5999d1cea1b12927fce3ffa9b291fbc3770b358dfd3b414ac041ca63371c805d4cc426a94d30cadd8705e16e62a94ff86b6e4eaf1c66195cca

        • C:\Program Files\VideoLAN\VLC\plugins\access\libnfs_plugin.dll

          Filesize

          285KB

          MD5

          1ea40b8c695d15a27d61d2002e4efc6d

          SHA1

          75f490d3a5b5ae6153d5b69254732e19296267f7

          SHA256

          efbc6b12f6252e3c249b545a043b76df7db66bd04b7f4aed61e0e46c81260333

          SHA512

          21328350d73f13f0231fa36a48f2502f5f9031ad2eed81900c1109ff41bd7e7a8dc06587051a768011358d8a9c95cffe6e18a987138b290993f67b2a53b9630f

        • C:\Program Files\VideoLAN\VLC\plugins\access\librist_plugin.dll

          Filesize

          115KB

          MD5

          ad221c77ff4e008e138da4570acecb6e

          SHA1

          5d611cab3ce7bfce9d9db0f26e353259aa7b8440

          SHA256

          eaf0324f69c4d74acd8651e9f376f1a74085e12a2db705e19217fd9eb8bfc3e3

          SHA512

          66673c3832fdbf6717d99e5dd91bd1282c88d104f2ec4e232809d8abe67ad60ec6a5160cecc07d317828fd2aea834470de5dfd4f174f35ce67b4e43387855d38

        • C:\Program Files\VideoLAN\VLC\plugins\access\librtp_plugin.dll

          Filesize

          659KB

          MD5

          708e346f557368e6142111d4ea88b5d1

          SHA1

          d63a0861abb5f980d945bd9e8d2b9aa24de09725

          SHA256

          473cd5c6b8c5b0cc431454daf7f4b862e3ac84aa12a6a1cdd29266488c1be627

          SHA512

          38d0c989ea5413f0b7848d9f5080760bf08612f36662ae9798041d14cd67e30c96fcb51043befecbc4daac3330ce43162603dc164b924eb2d3618b289e9fe822

        • C:\Program Files\VideoLAN\VLC\plugins\access\libsatip_plugin.dll

          Filesize

          74KB

          MD5

          8836005a07c87a1d9f4a758b2d00809c

          SHA1

          678cafc4b7018afbcf2be4292640ede8bc3ebecc

          SHA256

          eb2141ad9f4d25265e8c3a141c3cb91d0998938761e52b1c13e084be64571400

          SHA512

          feb37a0aeea7e31d5b0ce081114666863c01e0b79f3145ba14d71a3fcf8bc64f91e4fb02f68b28b49deea05e3a6d699acad15c76db390c52fc407479401e3ae4

        • C:\Program Files\VideoLAN\VLC\plugins\access\libscreen_plugin.dll

          Filesize

          47KB

          MD5

          ab0ecf16177be2ba45c26b26e0b5d80b

          SHA1

          23a91166d0f6ac099792c234269cce01b65be613

          SHA256

          dec97a889aebccd7d899ff7215883c81f399fcbc82533c07308b58d265ec6211

          SHA512

          e0c1795c3fcb90fcd1b4b6c9ffe6e3c4ed242897963847b5e221aaa4dec114f0c9631058ae0ab72405e088a8d002e12b58fca1128df04c31961e058b7b475200

        • C:\Program Files\VideoLAN\VLC\plugins\access\libsdp_plugin.dll

          Filesize

          39KB

          MD5

          2973936ea149732d241608fc6ae04f24

          SHA1

          fc901bc472f9d90089ece6ffbc241ed03e76420c

          SHA256

          4e54d338fa7dc6904806ed63cb7029e3ecb7d99d6ee919e088a0f27982b40f75

          SHA512

          9b39107ba9b7c6703617deceb7ae63d163265670ea74c0ad7e329708390391a2c053a6a1b63a6f4f4d1374c05d4c33609602bdd40a9dc8dc39d0c720b261156c

        • C:\Program Files\VideoLAN\VLC\uninstall.log

          Filesize

          21KB

          MD5

          2919ed2afc1c36b6df363cf0076c6eed

          SHA1

          85ebade8abc5af3737c07a68316b20232a97769f

          SHA256

          8d5516220abb5309d96f0344425d8606758bfe2ebb60dd946f84ba20683a97ca

          SHA512

          978a9aa5f285357250e7cf3792432a3b66ddb7dd95437d13846f66211aa0da572f59fab6518daea95c6eee022ff2eb80653343d5f410100c6d452569cf9b9df1

        • C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe

          Filesize

          140KB

          MD5

          c314f48471d34bc89863326324d00b8b

          SHA1

          d245a30303952f5573db6aa1c5e8f72b5a945bd3

          SHA256

          80b33a61cd53f82dd7f784310842fb1a8f28909a1f10e7a1abbfcda3794eb759

          SHA512

          82e994ab0685d075cd13f72d981fe3d2759efd58daccf032abf311f51a52be0168032118665720aabfe8455fe748d4f931b3a8e8c20a668da12afd7f596b38ad

        • C:\Program Files\VideoLAN\VLC\vlc.exe

          Filesize

          966KB

          MD5

          3740507a1dc4ff4cb5c6e52652c10c20

          SHA1

          b2c8a0a736fe81c101f4ab4cd6be8099c3f902b3

          SHA256

          6a72cc8649a63b017844c4c1f3885a250d1a982ffe5f1e58b6f1432fe9198e62

          SHA512

          d5299859a6121c6ae5813be61648ca1f005970ebe34a8217d05b570ffbd4651f64ad7b3a7bf5129e708e07b36e097333f754b213e73d5fe9246347afd8fa3c22

        • C:\Users\Admin\AppData\Local\Temp\nsm96D3.tmp\LangDLL.dll

          Filesize

          7KB

          MD5

          20850d4d5416fbfd6a02e8a120f360fc

          SHA1

          ac34f3a34aaa4a21efd6a32bc93102639170e219

          SHA256

          860b409b065b747aab2a9937f02d08b6fd7309993b50d8e4b53983c8c2b56b61

          SHA512

          c8048b9ae0ced72a384c5ab781083a76b96ae08d5c8a5c7797f75a7e54e9cd9192349f185ee88c9cf0514fc8d59e37e01d88b9c8106321c0581659ebe1d1c276

        • C:\Users\Admin\AppData\Local\Temp\nsm96D3.tmp\System.dll

          Filesize

          26KB

          MD5

          4f25d99bf1375fe5e61b037b2616695d

          SHA1

          958fad0e54df0736ddab28ff6cb93e6ed580c862

          SHA256

          803931797d95777248dee4f2a563aed51fe931d2dd28faec507c69ed0f26f647

          SHA512

          96a8446f322cd62377a93d2088c0ce06087da27ef95a391e02c505fb4eb1d00419143d67d89494c2ef6f57ae2fd7f049c86e00858d1b193ec6dde4d0fe0e3130

        • C:\Users\Admin\AppData\Local\Temp\nsm96D3.tmp\nsDialogs.dll

          Filesize

          12KB

          MD5

          2029c44871670eec937d1a8c1e9faa21

          SHA1

          e8d53b9e8bc475cc274d80d3836b526d8dd2747a

          SHA256

          a4ae6d33f940a80e8fe34537c5cc1f8b8679c979607969320cfb750c15809ac2

          SHA512

          6f151c9818ac2f3aef6d4cabd8122c7e22ccf0b84fa5d4bcc951f8c3d00e8c270127eac1e9d93c5f4594ac90de8aff87dc6e96562f532a3d19c0da63a28654b7

        • C:\Users\Admin\AppData\Local\Temp\nsm96D3.tmp\nsExec.dll

          Filesize

          10KB

          MD5

          dcaaa39e47a9144ae10ee67b3183f4e1

          SHA1

          2af87fcebff57411e929dd2fce767e9a1e4d98e1

          SHA256

          da30c0f57a8a412bdc0fca182702f568bd91007475d1823464658fa523a4af9f

          SHA512

          d56997d74d841d01c62b7db4150729f395b57d065a1182249483640f80720fb6dc7a457cc3a23367982f92f85e9274507d6157f698a2e22ea11266866fb1bc2c

        • C:\Users\Admin\AppData\Local\Temp\nsm96D3.tmp\nsProcess.dll

          Filesize

          35KB

          MD5

          764371d831841fe57172aa830d22149d

          SHA1

          680e20e9b98077dea32b083b5c746d8de35e0584

          SHA256

          93df9e969053ca77c982c6e52b7f2898d22777a8c50274b54303eaa0ef5ccded

          SHA512

          19076205eba08df978ad17f8176d3a5a17c4ea684460894b6a80cae7e48fcae5e9493ff745d88d62fd44fc17bcda838570add6c38bebe4962d575f060f1584f9

        • memory/2272-14-0x0000000000400000-0x0000000000481000-memory.dmp

          Filesize

          516KB

        • memory/2272-15-0x0000000074330000-0x000000007433E000-memory.dmp

          Filesize

          56KB

        • memory/2272-16-0x0000000074320000-0x000000007432B000-memory.dmp

          Filesize

          44KB

        • memory/2272-674-0x0000000000400000-0x0000000000481000-memory.dmp

          Filesize

          516KB

        • memory/2272-677-0x0000000073FD0000-0x0000000073FD8000-memory.dmp

          Filesize

          32KB

        • memory/2272-187-0x0000000074320000-0x000000007432B000-memory.dmp

          Filesize

          44KB

        • memory/2272-183-0x0000000000400000-0x0000000000481000-memory.dmp

          Filesize

          516KB

        • memory/2272-728-0x0000000000400000-0x0000000000481000-memory.dmp

          Filesize

          516KB

        • memory/4696-681-0x0000000140000000-0x0000000140029000-memory.dmp

          Filesize

          164KB

        • memory/4696-682-0x00007FFDED3F0000-0x00007FFDED424000-memory.dmp

          Filesize

          208KB

        • memory/4696-683-0x00007FFDEC910000-0x00007FFDECBC6000-memory.dmp

          Filesize

          2.7MB

        • memory/4696-684-0x00007FFDD1DA0000-0x00007FFDD2E50000-memory.dmp

          Filesize

          16.7MB

        • memory/4696-685-0x00007FFDD4C90000-0x00007FFDD4D9E000-memory.dmp

          Filesize

          1.1MB