Malware Analysis Report

2025-08-05 09:28

Sample ID 240223-qkewhsgd7w
Target https://gofile.io/d/bjssM
Tags
discovery persistence
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

Threat Level: Shows suspicious behavior

The file https://gofile.io/d/bjssM was found to be: Shows suspicious behavior.

Malicious Activity Summary

discovery persistence

Executes dropped EXE

Loads dropped DLL

Registers COM server for autorun

Checks installed software on the system

Drops file in Program Files directory

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of FindShellTrayWindow

Enumerates system info in registry

Modifies registry class

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious behavior: AddClipboardFormatListener

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-23 13:18

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-23 13:18

Reported

2024-02-23 13:21

Platform

win10v2004-20240221-en

Max time kernel

135s

Max time network

133s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://gofile.io/d/bjssM

Signatures

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe N/A

Registers COM server for autorun

persistence
Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9BE31822-FDAD-461B-AD51-BE1D1C159921}\InprocServer32 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9BE31822-FDAD-461B-AD51-BE1D1C159921}\InprocServer32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9BE31822-FDAD-461B-AD51-BE1D1C159921}\InprocServer32\ = "C:\\Program Files\\VideoLAN\\VLC\\axvlc.dll" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9BE31822-FDAD-461B-AD51-BE1D1C159921}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\system32\regsvr32.exe N/A

Checks installed software on the system

discovery

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\VideoLAN\VLC\plugins\audio_output\libamem_plugin.dll C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
File created C:\Program Files\VideoLAN\VLC\skins\fonts\FreeSansBold.ttf C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\locale\lv\LC_MESSAGES\ C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\locale\ C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
File created C:\Program Files\VideoLAN\VLC\npvlc.dll C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
File created C:\Program Files\VideoLAN\VLC\vlc.exe C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\demux\libwav_plugin.dll C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\vlm_export.html C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\plugins\video_filter\libscale_plugin.dll C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\lua\playlist\anevia_xml.luac C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\plugins\services_discovery\ C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\plugins\meta_engine\libtaglib_plugin.dll C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_bridge_plugin.dll C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\plugins\video_filter\libextract_plugin.dll C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\plugins\video_filter\libmagnify_plugin.dll C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\locale\zu\LC_MESSAGES\vlc.mo C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\NEWS.txt C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\plugins\access\libvnc_plugin.dll C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\plugins\demux\libadaptive_plugin.dll C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\images\ C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\plugins\video_splitter\ C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\demux\libreal_plugin.dll C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_ts_plugin.dll C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_filter\libbluescreen_plugin.dll C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\locale\cs\ C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\locale\gu\ C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\locale\it\LC_MESSAGES\ C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\mobile.html C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\modules\sandbox.luac C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\dialogs\create_stream.html C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\dialogs\offset_window.html C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\lua\meta\art\02_frenchtv.luac C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\locale\ia\ C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libspatialaudio_plugin.dll C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_mmx_plugin.dll C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\locale\be\LC_MESSAGES\vlc.mo C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\locale\sk\LC_MESSAGES\ C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\plugins\video_output\ C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\sd\icecast.luac C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\locale\ta\LC_MESSAGES\vlc.mo C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\custom.lua C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\wa\LC_MESSAGES\vlc.mo C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_udp_plugin.dll C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\plugins\spu\libmarq_plugin.dll C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\locale\pl\LC_MESSAGES\vlc.mo C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\locale\or\LC_MESSAGES\vlc.mo C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\locale\ml\ C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\bg\LC_MESSAGES\vlc.mo C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\ks_IN\LC_MESSAGES\vlc.mo C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\axvlc.dll C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\plugins\demux\libtta_plugin.dll C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\locale\cgg\LC_MESSAGES\vlc.mo C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\lua\modules\sandbox.luac C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\locale\fur\LC_MESSAGES\ C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\locale\vi\LC_MESSAGES\ C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\codec\libfaad_plugin.dll C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\playlist\liveleak.luac C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\plugins\codec\libtextst_plugin.dll C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\plugins\codec\libx265_plugin.dll C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\plugins\demux\libaiff_plugin.dll C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_wav_plugin.dll C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\spu\librss_plugin.dll C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_filter\libmotionblur_plugin.dll C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\locale\pt_BR\LC_MESSAGES\ C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.tta\shell\Open\MultiSelectModel = "Player" C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.ape\ = "VLC.ape" C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.3ga\ = "3GA Audio File (VLC)" C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.mkv\shell\Open\ = "Play" C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{49E0DBD1-9440-466C-9C97-95C67190C603} C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1790404759-2178872477-2616469472-1000_Classes\.mka\ = "VLC.mka" C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1790404759-2178872477-2616469472-1000_Classes\.mod C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1790404759-2178872477-2616469472-1000_Classes\.divx C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.wpl\shell\AddToPlaylistVLC\ = "Add to VLC media player's Playlist" C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.rar\shell\Open\MultiSelectModel = "Player" C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5AF314CF-8849-4A79-A3FC-8DE6625D9E72}\TypeLib C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.DVDMovie\shell\Open\command C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.mpeg2\shell\AddToPlaylistVLC\ = "Add to VLC media player's Playlist" C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.cue\shell\AddToPlaylistVLC\MultiSelectModel = "Player" C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.wvx\shell\AddToPlaylistVLC\Icon = "\"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe\",0" C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.mpa\shell\Open C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5AF314CF-8849-4A79-A3FC-8DE6625D9E72}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.3gp\shell\Open C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.vob\shell\Open\MultiSelectModel = "Player" C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.f4v\DefaultIcon\ = "\"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe\",0" C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.tod\shell C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.wsz C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BC97469F-CB11-4037-8DCE-5FC9F5F85307}\TypeLib C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.tts\shell\AddToPlaylistVLC\ = "Add to VLC media player's Playlist" C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.ra\shell\Open C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.zip C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.amr\shell\PlayWithVLC\command\ = "\"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe\" --started-from-file --no-playlist-enqueue \"%1\"" C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.flac\shell\AddToPlaylistVLC\Icon = "\"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe\",0" C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.tp\shell\AddToPlaylistVLC\ = "Add to VLC media player's Playlist" C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Applications\vlc.exe\ C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.wsz\shell\Open C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1790404759-2178872477-2616469472-1000_Classes\.mp2v C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.mpeg2\shell\PlayWithVLC\Icon = "\"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe\",0" C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.m3u8\shell\AddToPlaylistVLC\command C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.mpga\shell\Open\MultiSelectModel = "Player" C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.evo\shell\Open\command\ = "\"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe\" --started-from-file \"%1\"" C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1790404759-2178872477-2616469472-1000_Classes\.m2ts\ = "VLC.m2ts" C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.wvx C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.aifc\shell\PlayWithVLC C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.qcp\shell\AddToPlaylistVLC\MultiSelectModel = "Player" C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.aiff\shell\Open\command\ = "\"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe\" --started-from-file \"%1\"" C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.amv\DefaultIcon\ = "\"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe\",0" C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{49E0DBD1-9440-466C-9C97-95C67190C603}\ProxyStubClsid32 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8D076AD6-9B6F-4150-A0FD-5D7E8C8CB02C}\ProxyStubClsid32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.gvi\ = "VLC.gvi" C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1790404759-2178872477-2616469472-1000_Classes\.tod C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.m2ts\shell\AddToPlaylistVLC C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.ac3\shell\Open C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.mp2\shell\Open C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.3gp\shell\Open\ = "Play" C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.ogx\shell\Open\command C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0AAEDF0B-D333-4B27-A0C6-BBF31413A42E}\ProxyStubClsid32 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.aac\shell\PlayWithVLC C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.oga\shell\PlayWithVLC\Icon = "\"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe\",0" C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.wtv\shell\PlayWithVLC\command C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.a52\shell C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.mkv\shell\ = "Open" C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.rec C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5AF314CF-8849-4A79-A3FC-8DE6625D9E72}\ProxyStubClsid32 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.3ga\shell\AddToPlaylistVLC\command C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.bik\shell\PlayWithVLC C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.m4v\shell\PlayWithVLC\MultiSelectModel = "Player" C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.spx\shell\Open\MultiSelectModel = "Player" C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.asf C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2892 wrote to memory of 1840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2892 wrote to memory of 1840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2892 wrote to memory of 2184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2892 wrote to memory of 2184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2892 wrote to memory of 2184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2892 wrote to memory of 2184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2892 wrote to memory of 2184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2892 wrote to memory of 2184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2892 wrote to memory of 2184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2892 wrote to memory of 2184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2892 wrote to memory of 2184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2892 wrote to memory of 2184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2892 wrote to memory of 2184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2892 wrote to memory of 2184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2892 wrote to memory of 2184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2892 wrote to memory of 2184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2892 wrote to memory of 2184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2892 wrote to memory of 2184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2892 wrote to memory of 2184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2892 wrote to memory of 2184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2892 wrote to memory of 2184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2892 wrote to memory of 2184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2892 wrote to memory of 2184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2892 wrote to memory of 2184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2892 wrote to memory of 2184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2892 wrote to memory of 2184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2892 wrote to memory of 2184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2892 wrote to memory of 2184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2892 wrote to memory of 2184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2892 wrote to memory of 2184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2892 wrote to memory of 2184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2892 wrote to memory of 2184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2892 wrote to memory of 2184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2892 wrote to memory of 2184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2892 wrote to memory of 2184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2892 wrote to memory of 2184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2892 wrote to memory of 2184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2892 wrote to memory of 2184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2892 wrote to memory of 2184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2892 wrote to memory of 2184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2892 wrote to memory of 2184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2892 wrote to memory of 2184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2892 wrote to memory of 4632 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2892 wrote to memory of 4632 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2892 wrote to memory of 1872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2892 wrote to memory of 1872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2892 wrote to memory of 1872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2892 wrote to memory of 1872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2892 wrote to memory of 1872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2892 wrote to memory of 1872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2892 wrote to memory of 1872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2892 wrote to memory of 1872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2892 wrote to memory of 1872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2892 wrote to memory of 1872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2892 wrote to memory of 1872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2892 wrote to memory of 1872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2892 wrote to memory of 1872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2892 wrote to memory of 1872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2892 wrote to memory of 1872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2892 wrote to memory of 1872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2892 wrote to memory of 1872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2892 wrote to memory of 1872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2892 wrote to memory of 1872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2892 wrote to memory of 1872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://gofile.io/d/bjssM

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa495b46f8,0x7ffa495b4708,0x7ffa495b4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,2571772923410999149,16464769712503169158,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,2571772923410999149,16464769712503169158,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,2571772923410999149,16464769712503169158,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2571772923410999149,16464769712503169158,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2571772923410999149,16464769712503169158,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2571772923410999149,16464769712503169158,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,2571772923410999149,16464769712503169158,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5552 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,2571772923410999149,16464769712503169158,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5552 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2571772923410999149,16464769712503169158,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2571772923410999149,16464769712503169158,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2571772923410999149,16464769712503169158,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4656 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2571772923410999149,16464769712503169158,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1

C:\Program Files\VideoLAN\VLC\vlc.exe

"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\DisableTest.AAC"

C:\Program Files\VideoLAN\VLC\vlc.exe

"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\DisableTest.AAC"

C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe

"C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe"

C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe

"C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe" C:\Program Files\VideoLAN\VLC\plugins

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\VideoLAN\VLC\axvlc.dll"

C:\Windows\system32\regsvr32.exe

/s "C:\Program Files\VideoLAN\VLC\axvlc.dll"

C:\Windows\explorer.exe

"C:\Windows\explorer.exe" "C:\Program Files\VideoLAN\VLC\vlc.exe"

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Program Files\VideoLAN\VLC\vlc.exe

"C:\Program Files\VideoLAN\VLC\vlc.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 85.177.190.20.in-addr.arpa udp
US 8.8.8.8:53 gofile.io udp
FR 51.178.66.33:443 gofile.io tcp
FR 51.178.66.33:443 gofile.io tcp
US 8.8.8.8:53 apps.identrust.com udp
GB 96.17.179.184:80 apps.identrust.com tcp
US 8.8.8.8:53 187.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 33.66.178.51.in-addr.arpa udp
US 8.8.8.8:53 184.179.17.96.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 api.gofile.io udp
FR 151.80.29.83:443 api.gofile.io tcp
US 8.8.8.8:53 s.gofile.io udp
FR 51.75.242.210:443 s.gofile.io tcp
US 8.8.8.8:53 83.29.80.151.in-addr.arpa udp
FR 51.75.242.210:443 s.gofile.io tcp
US 8.8.8.8:53 210.242.75.51.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 18.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 update.videolan.org udp
FR 213.36.253.119:80 update.videolan.org tcp
FR 213.36.253.119:80 update.videolan.org tcp
US 8.8.8.8:53 119.253.36.213.in-addr.arpa udp
US 8.8.8.8:53 get.videolan.org udp
FR 62.210.246.226:80 get.videolan.org tcp
US 8.8.8.8:53 mirrors.neterra.net udp
US 8.8.8.8:53 226.246.210.62.in-addr.arpa udp
BG 31.13.223.131:443 mirrors.neterra.net tcp
US 8.8.8.8:53 131.223.13.31.in-addr.arpa udp
US 8.8.8.8:53 194.178.17.96.in-addr.arpa udp
FR 62.210.246.226:80 get.videolan.org tcp
BG 31.13.223.131:443 mirrors.neterra.net tcp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 9cafa4c8eee7ab605ab279aafd19cc14
SHA1 e362e5d37d1a79e7b4a8642b068934e4571a55f1
SHA256 d0817f51aa2fb8c3cae18605dbfd6ec21a6ff3f953171e7ac064648ffdee1166
SHA512 eefd65ffcfb98ac8c3738eb2b3f4933d5bc5b992a1d465b8424903c8f74382ec2c95074290ddbb1001204843bfef59a32b868808a6bee4bc41ee9571515bbac6

\??\pipe\LOCAL\crashpad_2892_CTXKMYGJLYQNDCSM

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 3bde7b7b0c0c9c66bdd8e3f712bd71eb
SHA1 266bd462e249f029df05311255a15c8f42719acc
SHA256 2ccd4a1b56206faa8f6482ce7841636e7bb2192f4cf5258d47e209953a77a01a
SHA512 5fab7a83d86d65e7c369848c5a7d375d9ad132246b57653242c7c7d960123a50257c9e8c4c9a8f22ee861fce357b018236ac877b96c03990a88de4ddb9822818

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 cd1b0f99d5c75b435a945205165223cf
SHA1 84c5a435167baa5b62ca3b5ca9ac0b937bf919e7
SHA256 23a7a14f47b31965da2d15449b15f330b84d8b35fb16e5500f418c94f4678c6f
SHA512 341928319759cc2519e5b65384cc3bcb7cbd799c7c60a96947704fd0c483c879d24a4d0fc23546df04251dc4c46b329607b28fa7ec527ff3a3fd763eceff2e7b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 822647447a3a8aa20064165a6f2eab13
SHA1 45c36d4bf8440d4c1b1da1ab180b98ca164b1b0c
SHA256 e38910526b9f2fb4c7d1c67d0227b66ff4c23a94b7bc580c05983373c24f13f7
SHA512 accdafcf2b96abfe1dbb01a4950c30ca23fb632cbe478e0dbc622e8af73da8af36e68f4c339e761c703f8578b69ed211ca35ed5cb09a834f4accef9b825cdfec

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0a98420ae53c83e6065938f7c4f894ec
SHA1 664c574e72ee5ef8e7f60f39b693b486ad633e65
SHA256 76a12c7010da2391a9637038e16c29a322d999824fc93e188b62f6cdd3fb7b39
SHA512 296c74fac34ddf9a5429a44c7cb09e55369a7ead82c1b9da9bb1e02dbc072db7ed0ff4e26fc97904387864324437f72008acb4e910ac7d45245c28c9ff4a54ab

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 807419ca9a4734feaf8d8563a003b048
SHA1 a723c7d60a65886ffa068711f1e900ccc85922a6
SHA256 aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631
SHA512 f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 bccf7133baf0257ae4702d0d8c53ca33
SHA1 1d27924ee90c241a2f037bb460a36d6708cf61e9
SHA256 5098b16d638d73e1c3404a3e5fbe5ea87bdf4e99f7dae0d5c9f33f8129e55bad
SHA512 e38b2eeaeaf3813688fa78266802d9be16cde14b559403e7556a952321b34320554c3282e82ec906761745e04b5f7ba5102adf50061accef83e4f4439fe7288c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d6518ecb5eebe783fe858b61488129ae
SHA1 9a9d7d918c6f34f69032d10a77f467c4480d3304
SHA256 8372b12ed4db664bb6f7d76e5403b175433b9fde437415999ee57ad6c8dc7635
SHA512 9ca9b44d24462efe90cbfaadea5b2640664a218e6ab2050518da631e92920159a7321c1c7922d3b139235ddcd866c7ee2bfa925c97b4fef873ebdec39d011386

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 aefcec66bab07b8d6c8830eb9fa95d07
SHA1 f76352c462cf457c44a16112b3a29b0a9fe30a8a
SHA256 476e1d2de9f37a2069d7983a72b3036968bc36f7d5544a9eaaf3fede40b6840b
SHA512 938cf6aecf3b77e301ff9bde91bbf43da771d6972383f014dd49a36cc26919152ee7ab1bdbc54a75c73cb278bfe3ac511d1326a88d1f3a00117ab10ee457b273

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 287665da168549c73a2bb7cd749e2b7a
SHA1 d1d679ba0b82c0b9f9e5c601cd8072d6ffd998a2
SHA256 c9fadbbf10603c9ea78560074552de592a668641de8c4457d35bc44b80b86df6
SHA512 025c9f757731b7ff0f2ac113032c685b3ca3e398c3f4729dc5b72b2cde55860172ba30c8341348c1cb4c7c4ba3e4660b2f30df128aa539da86226a509190f24b

C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini

MD5 8874cddebcb03ae3148a455e7855296e
SHA1 2f37233851202bffe79d99cc2d68e65243f3a1d6
SHA256 bb96c2364a4092404535c725866cbf28f7506933f0d3d54d57f1fb6665aaaec6
SHA512 f07d14eeba9f4d3ba41c908153f86a844dd73a65f22f399200cf7c67f14bb7c14f535f8113026578e3144c73f81cf65be7063b7c3e8a9d0d53d9830f364d927a

C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini.lock

MD5 f92f2e0aef116f81c5c278e23b20624b
SHA1 658e436be2960a41f012f69b7c2f566a947c6ec5
SHA256 8a46fe54cf6556c4ca28493dd1bf5bf7683ed4cc14c8e646b9ce0bc26609582e
SHA512 bfd8c5c6beaa45bb5afbed0bef16f74122dc864c8fdae3bb8d82879d1b8ab26c051c9ed71a4797487fd33c0e1de37c7e494ed6d7e10187fdabefecf821df0a1c

memory/3952-231-0x00007FF63F730000-0x00007FF63F828000-memory.dmp

memory/3952-232-0x00007FFA4A1B0000-0x00007FFA4A1E4000-memory.dmp

memory/3952-233-0x00007FFA39E90000-0x00007FFA3A144000-memory.dmp

memory/3952-234-0x00007FFA4C740000-0x00007FFA4C758000-memory.dmp

memory/3952-235-0x00007FFA4A890000-0x00007FFA4A8A7000-memory.dmp

memory/3952-236-0x00007FFA4A020000-0x00007FFA4A031000-memory.dmp

memory/3952-238-0x00007FFA49DD0000-0x00007FFA49DE7000-memory.dmp

memory/3952-244-0x00007FFA49DB0000-0x00007FFA49DC1000-memory.dmp

memory/3952-247-0x00007FFA49D90000-0x00007FFA49DAD000-memory.dmp

memory/3952-248-0x00007FFA49D70000-0x00007FFA49D81000-memory.dmp

memory/3952-254-0x00007FF63F730000-0x00007FF63F828000-memory.dmp

memory/3952-256-0x00007FFA39E90000-0x00007FFA3A144000-memory.dmp

memory/3952-255-0x00007FFA4A1B0000-0x00007FFA4A1E4000-memory.dmp

memory/3952-253-0x00007FFA37170000-0x00007FFA3821B000-memory.dmp

C:\Users\Admin\AppData\Roaming\vlc\vlcrc

MD5 478a4a09f4f74e97335cd4d5e9da7ab5
SHA1 3c4f1dc52a293f079095d0b0370428ec8e8f9315
SHA256 884b59950669842f3c45e6da3480cd9a553538b951fb155b435b48ff38683974
SHA512 e96719663cd264132a8e1ea8c3f8a148c778a0c68caa2468ba47629393605b197dd9e00efad91f389de9fcc77b04981a0cf87f785f3c645cdc9e4ebd98060ca1

C:\Users\Admin\AppData\Roaming\vlc\ml.xspf

MD5 781602441469750c3219c8c38b515ed4
SHA1 e885acd1cbd0b897ebcedbb145bef1c330f80595
SHA256 81970dbe581373d14fbd451ac4b3f96e5f69b79645f1ee1ca715cff3af0bf20d
SHA512 2b0a1717d96edb47bdf0ffeb250a5ec11f7d0638d3e0a62fbe48c064379b473ca88ffbececb32a72129d06c040b107834f1004ccda5f0f35b8c3588034786461

memory/4840-268-0x00007FF63F730000-0x00007FF63F828000-memory.dmp

memory/4840-269-0x00007FFA50360000-0x00007FFA50394000-memory.dmp

memory/4840-270-0x00007FFA39E90000-0x00007FFA3A144000-memory.dmp

memory/4840-271-0x00007FFA4C740000-0x00007FFA4C758000-memory.dmp

memory/4840-272-0x00007FFA4A890000-0x00007FFA4A8A7000-memory.dmp

memory/4840-273-0x00007FFA4A1D0000-0x00007FFA4A1E1000-memory.dmp

memory/4840-274-0x00007FFA3A260000-0x00007FFA3A460000-memory.dmp

memory/4840-275-0x00007FFA49DB0000-0x00007FFA49DEF000-memory.dmp

memory/4840-277-0x00007FFA4A1B0000-0x00007FFA4A1C8000-memory.dmp

memory/4840-276-0x00007FFA4A010000-0x00007FFA4A031000-memory.dmp

memory/4840-279-0x00007FFA49D70000-0x00007FFA49D81000-memory.dmp

memory/4840-280-0x00007FFA49D50000-0x00007FFA49D61000-memory.dmp

memory/4840-278-0x00007FFA49D90000-0x00007FFA49DA1000-memory.dmp

memory/4840-281-0x00007FFA49D30000-0x00007FFA49D4B000-memory.dmp

memory/4840-282-0x00007FFA49C10000-0x00007FFA49C21000-memory.dmp

memory/4840-283-0x00007FFA49BF0000-0x00007FFA49C08000-memory.dmp

memory/4840-284-0x00007FFA49BC0000-0x00007FFA49BF0000-memory.dmp

memory/4840-285-0x00007FFA401D0000-0x00007FFA40237000-memory.dmp

memory/4840-286-0x00007FFA3B0F0000-0x00007FFA3B15F000-memory.dmp

memory/4840-287-0x00007FFA49B10000-0x00007FFA49B21000-memory.dmp

memory/4840-288-0x00007FFA49980000-0x00007FFA49991000-memory.dmp

memory/4840-289-0x00007FFA395B0000-0x00007FFA39728000-memory.dmp

memory/4840-290-0x00007FFA39490000-0x00007FFA395A2000-memory.dmp

memory/4840-291-0x00007FFA49890000-0x00007FFA498A7000-memory.dmp

memory/4840-293-0x00007FFA49220000-0x00007FFA4923D000-memory.dmp

memory/4840-294-0x00007FFA49010000-0x00007FFA49021000-memory.dmp

memory/4840-295-0x00007FFA3A200000-0x00007FFA3A256000-memory.dmp

memory/4840-296-0x00007FFA48DE0000-0x00007FFA48E08000-memory.dmp

memory/4840-297-0x00007FFA39460000-0x00007FFA39484000-memory.dmp

memory/4840-292-0x00007FFA49870000-0x00007FFA49881000-memory.dmp

memory/4840-298-0x00007FFA48FF0000-0x00007FFA49007000-memory.dmp

memory/4840-299-0x00007FFA48F70000-0x00007FFA48F81000-memory.dmp

memory/4840-300-0x00007FFA39400000-0x00007FFA39457000-memory.dmp

memory/4840-301-0x00007FFA393D0000-0x00007FFA393FF000-memory.dmp

memory/4840-302-0x00007FFA3A1E0000-0x00007FFA3A1F3000-memory.dmp

memory/4840-303-0x00007FFA393B0000-0x00007FFA393C1000-memory.dmp

memory/4840-304-0x00007FFA392E0000-0x00007FFA393A5000-memory.dmp

memory/4840-305-0x00007FFA392C0000-0x00007FFA392D2000-memory.dmp

memory/4840-306-0x00007FFA39140000-0x00007FFA39151000-memory.dmp

memory/4840-307-0x00007FFA39120000-0x00007FFA39134000-memory.dmp

memory/4840-308-0x00007FFA39100000-0x00007FFA39112000-memory.dmp

memory/4840-310-0x00007FFA390C0000-0x00007FFA390DE000-memory.dmp

memory/4840-309-0x00007FFA390E0000-0x00007FFA390F4000-memory.dmp

memory/4840-311-0x00007FFA37170000-0x00007FFA3821B000-memory.dmp

memory/4840-313-0x00007FFA39070000-0x00007FFA3909D000-memory.dmp

memory/4840-312-0x00007FFA390A0000-0x00007FFA390B7000-memory.dmp

memory/4840-314-0x00007FFA38EB0000-0x00007FFA39063000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe

MD5 9c5d58aa5ef1c6580231784c28fdd00d
SHA1 aa9cfcb6e856725624da4a3d7cb47ab907e0019a
SHA256 c08fd244c061548650c774ff92768837f3c5de2580caae635153ad1fbc2a05fc
SHA512 6a560574bd9e78e646ac2a722b33465b938b31273817a0f07f4ccd7c89aabacb20b2db229012e293f15f96f13375efc89fecb00f0338457ea080ac8bb7337a54

C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe

MD5 cc03d3840238c1d2bc5c049ffc44681c
SHA1 080b2f01c32ca5adf6f0a7bb9b10550fe594b59e
SHA256 9b491294e32c2eaa7b6c505596027374cbcfb1b26d6ad817b5ae169f4cc90328
SHA512 a74f501181ec49252b56300d7e1f4cda8d31392f3b01f0e788d65784a8a3c8a96cbf79dda6c62e8a6cccfd185ecfdb2b300fd157a044279ad636c4008d367af9

C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe

MD5 cb1911f0f01f2994484cfab8f2733eb7
SHA1 386b4728c4ca4096e44f94de327c1858c59b34cc
SHA256 2f482dd66b90b26e89c1cf260f075be0614f03a108ee498ddcfe667e287dd0c8
SHA512 ea541cb18ce724645f539c574c8a48a31a868d2da9a092d036ae244fddda15affec67f334f07597feabd85957cc559c3101f38bc93e7827995f12bf2fcbe1813

C:\Users\Admin\AppData\Local\Temp\nsrBB2F.tmp\LangDLL.dll

MD5 20850d4d5416fbfd6a02e8a120f360fc
SHA1 ac34f3a34aaa4a21efd6a32bc93102639170e219
SHA256 860b409b065b747aab2a9937f02d08b6fd7309993b50d8e4b53983c8c2b56b61
SHA512 c8048b9ae0ced72a384c5ab781083a76b96ae08d5c8a5c7797f75a7e54e9cd9192349f185ee88c9cf0514fc8d59e37e01d88b9c8106321c0581659ebe1d1c276

C:\Users\Admin\AppData\Local\Temp\nsrBB2F.tmp\System.dll

MD5 4f25d99bf1375fe5e61b037b2616695d
SHA1 958fad0e54df0736ddab28ff6cb93e6ed580c862
SHA256 803931797d95777248dee4f2a563aed51fe931d2dd28faec507c69ed0f26f647
SHA512 96a8446f322cd62377a93d2088c0ce06087da27ef95a391e02c505fb4eb1d00419143d67d89494c2ef6f57ae2fd7f049c86e00858d1b193ec6dde4d0fe0e3130

C:\Users\Admin\AppData\Local\Temp\nsrBB2F.tmp\nsDialogs.dll

MD5 2029c44871670eec937d1a8c1e9faa21
SHA1 e8d53b9e8bc475cc274d80d3836b526d8dd2747a
SHA256 a4ae6d33f940a80e8fe34537c5cc1f8b8679c979607969320cfb750c15809ac2
SHA512 6f151c9818ac2f3aef6d4cabd8122c7e22ccf0b84fa5d4bcc951f8c3d00e8c270127eac1e9d93c5f4594ac90de8aff87dc6e96562f532a3d19c0da63a28654b7

C:\Users\Admin\AppData\Local\Temp\nsrBB2F.tmp\nsProcess.dll

MD5 764371d831841fe57172aa830d22149d
SHA1 680e20e9b98077dea32b083b5c746d8de35e0584
SHA256 93df9e969053ca77c982c6e52b7f2898d22777a8c50274b54303eaa0ef5ccded
SHA512 19076205eba08df978ad17f8176d3a5a17c4ea684460894b6a80cae7e48fcae5e9493ff745d88d62fd44fc17bcda838570add6c38bebe4962d575f060f1584f9

C:\Program Files\VideoLAN\VLC\locale\el\LC_MESSAGES\vlc.mo

MD5 bbe76d1ac5f20a0bf6ba7cdb3624b1e2
SHA1 c78ae9b700ba77e8f69a1bd8c17656f843f4e551
SHA256 25bf0fe95a0e02257958699d9e7ee99984c17d5b027b5d10f4246932abc5defb
SHA512 85786fdde4b693eb8bebb1c52706b0ad11bcc0279742321d08e158cf98dcf789659592e0335fae0c9b8ba529884d8d9c7e7e4a6cde6979d590700cd4cc5cc1fd

C:\Users\Admin\AppData\Local\Temp\nsrBB2F.tmp\nsExec.dll

MD5 dcaaa39e47a9144ae10ee67b3183f4e1
SHA1 2af87fcebff57411e929dd2fce767e9a1e4d98e1
SHA256 da30c0f57a8a412bdc0fca182702f568bd91007475d1823464658fa523a4af9f
SHA512 d56997d74d841d01c62b7db4150729f395b57d065a1182249483640f80720fb6dc7a457cc3a23367982f92f85e9274507d6157f698a2e22ea11266866fb1bc2c

C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe

MD5 c314f48471d34bc89863326324d00b8b
SHA1 d245a30303952f5573db6aa1c5e8f72b5a945bd3
SHA256 80b33a61cd53f82dd7f784310842fb1a8f28909a1f10e7a1abbfcda3794eb759
SHA512 82e994ab0685d075cd13f72d981fe3d2759efd58daccf032abf311f51a52be0168032118665720aabfe8455fe748d4f931b3a8e8c20a668da12afd7f596b38ad

C:\Program Files\VideoLAN\VLC\libvlc.dll

MD5 12301645d2d72c0f480f2a6a65bc706e
SHA1 d9350fdedc5c3c311cea7f5087cecf24c1793ba4
SHA256 a2625d21b2cbca52ae5a9799e375529c715dba797a5646adf62f1c0289dbfb68
SHA512 fc856a3badd2479d2e30cb77b97d46db60946e2b15cd90425f85ebd877c67ab4752035b7c6f969f8188ef6a7206d2199ac11fb6c2746a758e2a7f640fe73a700

C:\Program Files\VideoLAN\VLC\libvlccore.dll

MD5 aac32e4706549600893a52a84799fc42
SHA1 7766d2173214b3a80c5950ba4803e8db632caabd
SHA256 89daaa0a56f88f19141ceff0d21b5358c1052ac59ebf9f12c76d31f646ca654b
SHA512 f2a6aae77b4cd9b965e0185e5b843bf004ee8db86ad71dc7c0a50b9c9ee3317f9c69a378ddb420e4aa43a831d4b7396c7c1d6f4347f66bf9a2eba1f615aace84

C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_imem_plugin.dll

MD5 0e15e4a2a2c4ca6596fadba8fd698886
SHA1 b4400814c9e6b8b4d81444de1d6582ee29543b84
SHA256 05d894562b569132df7ce2f285bcf3bc008b0d112f1f5acceef210e4ea3096b4
SHA512 4def562b67fb37a16c1f7ef725ebf8ab5b0cc91f3a9fd78e061b8031e67baf3d34b51e6b82c9e717a1699b8642c94a3994021cd06e2430605eed17674cbca369

C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_srt_plugin.dll

MD5 786445e14f3df9b3f3392163968da553
SHA1 d6b70f237826a20891d60a446e66508f7634c851
SHA256 29891e75c4dd8e89d3c223bbf9572fc75b7de6fa60c6da22ba0756d909f5caf8
SHA512 ebfd2133b5755e24a42829a9e655451067b6cf7ed5cb5bfd775f122c58d70f3e112e6feef1c92ddcc5abb8ccb94aa8004e657be994310775f3261d6036a5ce3b

C:\Program Files\VideoLAN\VLC\plugins\access\libcdda_plugin.dll

MD5 52fa49105a67f737c9792d776833360a
SHA1 20716a639445219812f2725f0e8a9ddb9bf7b489
SHA256 6746a6b131b4338fdbd03f9d63683ff3442e0b11b9e1691b2c0a6676a804770a
SHA512 fd08397a932b4bad1a3b03238f0712a2e08ea8635a7babba35a33ce22fb37639da7d9e078fbe29d36c2a30157bafdded1a6cb3c45b943b41f8db8b3b4efdce53

C:\Program Files\VideoLAN\VLC\plugins\access\libattachment_plugin.dll

MD5 5976f65a561c9a2aeadb7cfd50573d9c
SHA1 a21a4127d7d59b2bcb85011180abb4cc3d911017
SHA256 1bc95320136876ae16af46ec405b494d0578da12f5103cf191f20fd1a5afa546
SHA512 e32aa769eb252ec4ac81d6fbf93e61618de7a128172291c561c2959ac70996af26e4e46c20feea109a3201f6a334d2e79081b20e126e54fe843303ab6fe56c93

C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_wasapi_plugin.dll

MD5 5b0bc2238c0841d3e145e65c063ea4ec
SHA1 6c2e3a411aff78de463adff3c82ea2caaafeb050
SHA256 5d9f494558998cd8b4f1177a4833ba5608c36186ce8ca68b58bea24ae20f8fcf
SHA512 55f4abf59138aab5594079c4a679cc8d959c8b86b59c4a39dc469d038ca43a916b02599b974be99e14e8686df0938e7805759f8d56354c86676f81e9659b5995

C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_srt_plugin.dll

MD5 0981fb051c988d1e4ff33be127132b21
SHA1 7b503d2fbd45bba81dbd66a6fa44492410c8281d
SHA256 09f21670a1da71fc8c04ec88b9a3066bd8d6848d7d852b0e3580926a94df957f
SHA512 f4550478d6bfdc84634496d2b3349172803eddb17b981faef8f8d769af3baf8d2bde156fc5d855e7e1d587e6c17887dc13a1c23ac9b8f6ff88834c6d560f3f4d

C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_realrtsp_plugin.dll

MD5 ede792db2e18a21b797ef5fed54b8c4b
SHA1 4000bb059d1da7ad794edba3a4214913c12ce9bf
SHA256 482eb8d973a09ced4ad2a2373026d7757a708057977a5a131f875cb5962e1f9b
SHA512 503d879df0c1bffb530482f4c0f84ce30947b513ae49a24d01611839205d4177450fe4d5a73d0cd37cd2c4a09f10a2fab983827d0ebe626b1d45c3d83d0ddf89

C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_mms_plugin.dll

MD5 e71c982fe2454d646e7b648e32164b9b
SHA1 6d0a9bd50732f029bd54aa226c873d33b9e99864
SHA256 bf5c5862e72ee510b31f4b2fa12d3515c21f3b5da8f0b0d6378bbd051673ff14
SHA512 8061381c96173d95ef83067ff61283aca982d22ed87838e349caa8481b63a20c3cfc4b7ce7ed008a8d95faf1dea693f28daa7633bc05b02b6f05fc73eb3322c9

C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_concat_plugin.dll

MD5 399c70d81ee56fee27778f5df76bcffb
SHA1 61a55e01280e7de7d0d01490f5cee31eaa607db0
SHA256 8b6a92c5e127c876f273b52b05c8325d45832e1ba0be6e3ed160135287908a1c
SHA512 50d4c01fdff9d7ec138e409cef9293bec1257f3f93a45835d254e888f1daf5438f4ca37e2c18c46668b35dbd04d9bfa960a69bfe9a843a0085114c999e30c41f

C:\Program Files\VideoLAN\VLC\plugins\access\libdcp_plugin.dll

MD5 ce1f7a7433178227272ad77a522fc200
SHA1 814938b4ba64efd354d1252a449a6baa40f33820
SHA256 c04be5fab98b519d8996a9b57584d64f3de73c454694b5f1d6012d44c269d8d7
SHA512 6f8cd97007adeb9c403676483eba494592a6bf879471d7f98ab6dd60e56caf5608093d85218ae62cc0c11bb25a573b6d992022a34093a426bf565e67261d38b0

C:\Program Files\VideoLAN\VLC\plugins\access\libdcp_plugin.dll

MD5 129ba26cd57fb96fe94849e6a4535129
SHA1 a955560058bc11f34106f25410a9c37d1d919d36
SHA256 1a1a4e697bb2414f5a83ed06a31cdb7c27cf9bc323f42c8f7cca6f0422773fa5
SHA512 b5b487336c66d8ed72bdc36992296fb5d4453a4e896ccb0b1e7d200e284803401b5c3d0dc4780e633a22035554e354312129597497697601ce9982cd0d26d90c

C:\Program Files\VideoLAN\VLC\plugins\access\libdshow_plugin.dll

MD5 b4946f5d1ce5f852fb2cd5c7fcf0ef16
SHA1 e2fd596f08ca7cfc76fe4d91fb0c6ec20c5eb0e9
SHA256 3a0c8757c69c5e163021e6796048a642c3782c3ab68d9273c5ef9b9f24819a69
SHA512 036791e8cc4b160d72c4e6f1f7e2bd3ef6721e68a4406944204cbdf1202b41f63d6bf4563124bb354bf118b27149a8a755b76b01ad027f909787d5b4ed23468c

C:\Program Files\VideoLAN\VLC\plugins\access\libdshow_plugin.dll

MD5 eb1b5d8cb254acb3a2d992bb63d9968e
SHA1 d929b1186f0012a403ed12330c9fe390af2d5611
SHA256 1ff8ad85e19ad33ef6a95da935c9e057c5760ab5a5c8fdfaa31cc0661c1b9a5f
SHA512 d07a48a9bd48e084def52bc84c37c33ba5c97753e5f6f8cedc82a7d44d0c1a220d5c7c1ea2a072a83b6940c985591f4c49321afac894a1907dfd30c5fdcd007f

C:\Program Files\VideoLAN\VLC\plugins\access\libdvdread_plugin.dll

MD5 14abf48f37326eae02ffe9735b3e9e3e
SHA1 bc4fd6c73e86b7a2cc777adbedf5e6d13c37548e
SHA256 9230d77eb998ec1e8d1463ae329567c7a2cfbac908f78d44b1eacba29298f5be
SHA512 d840f247fe2cfd7520b5d6d97aad4af8d70d19d1fc30d7a2fcbb93ab71d5977f646bdca02dcbf1701ff161282d5e3fd6aa6452fabeff180e44815be5b80838fb

C:\Program Files\VideoLAN\VLC\plugins\access\libhttps_plugin.dll

MD5 ce0d3532d91dd667377fa932c062bb35
SHA1 0b547f9a285069b4b48e73bb418528f80f8b1724
SHA256 e26ba30591b78d5399fdd9effb4e8d0d336aec20041567067488fb9b41a4a7ed
SHA512 235bcec66c66998e79fc93ce49b56f09a8a825e6f0e107dc5478238b0d5badae850d0f47daa912ffc2f151a3a47c25a5ff6475c82460bdfe04348bd6c3f809f6

C:\Program Files\VideoLAN\VLC\plugins\access\libimem_plugin.dll

MD5 8a8f11237d8e83de67315c078b28a933
SHA1 e06e375085b095a220e28c36edc540d75b79e662
SHA256 6b9a9fc8c264fb20d5c72db986333c3b4feb8eb05fcb0f882d28b62e0d1d5704
SHA512 8977391909c76ab809279d63f5e43693d2d484b66d172948d98dd13400f70457a381cc87fdea2e130e94a6b2ce3f3120c818bca464b287cfc5f684bce95b4568

C:\Program Files\VideoLAN\VLC\plugins\access\libidummy_plugin.dll

MD5 ff5957e544f7d9997e79e4ba692b9e58
SHA1 94b3f29a89134132e810abb0a01696eb4cbfd73c
SHA256 fb1dbdad5f819b76e84192339148c5aa8bc752cc9753e4b844fcb488cd0801c6
SHA512 0c4f2b158e330e7a28a20f0058441595fbf6dfd0f4f15e6d61ec7180871a19227cc10eb3527acb61b461f221e39636a5d5ffaa8e85c08856a662bdec40943bb7

C:\Program Files\VideoLAN\VLC\plugins\access\libhttp_plugin.dll

MD5 36f73931514be53e12378860904aaeb1
SHA1 28496b852c3364e5b4c60830061594ebf5ce64e7
SHA256 f2016e1af95a85224614dec09bf0a8a8e87b37a75011ca9eb32c5bc04f6e6656
SHA512 38fc5febb9b21fae59072d8f04afed9226bcc9e5ab44e5fa1d00fdefe1caf7411edcb21a02a6f02d051b4acb43d5a7d18a3ad72b99b39d50a81abd19ca38a9f6

C:\Program Files\VideoLAN\VLC\plugins\access\libftp_plugin.dll

MD5 aa43cee76c4387d710849f4338fe52b2
SHA1 d500c6dfb921486054db380408128d47ec7f5957
SHA256 5499574b67f736506f8733d029995cd769870ad03b7a3f3e7686c01223e9ad7a
SHA512 5554c621e6acbab6d521a739f69250fe06b178a396764c66e311561636bca02ed90713165902ca3f9afbd09dfc6a95377b9dd833df5deeefcdd8b86d47fced56

C:\Program Files\VideoLAN\VLC\plugins\access\libfilesystem_plugin.dll

MD5 cbc1d8fce47dc898a8bbe923d4046b4a
SHA1 c55166e5a7d3068eef9305b1fd28ecce8cfe2832
SHA256 d9e21fb0b03be335444435ae2af68d52c92347642c41d52b44924a0787ad5190
SHA512 9916595ec21b6365224382beb3de88747baff4ed5d6ccd1287a8c0ea9b5c9d4fa01cffd9aabdd5ac2c4fb1b5013e99464a366247bf1fd10e138a7c4fe9432711

C:\Program Files\VideoLAN\VLC\plugins\access\libdvdread_plugin.dll

MD5 3b513f5ed9c2607966b095c28050f958
SHA1 32f62ddee0c95c12fd96f289735934c45718594e
SHA256 54e1fe5c3a562a7c71a853e63aa355430eb1ba28bad6e7b9097c02b338e9968c
SHA512 e25bf53c5d80f10c474c1316000eede07b713ec256adab7b6c946b58b68cbc1afc16f49e0df88f4a3e105ab1e77ef1e7303e087bca0a79a3b9713d1b39fbbe9a

C:\Program Files\VideoLAN\VLC\plugins\access\libdvdnav_plugin.dll

MD5 05d7bf0cc8a26a2c7c178f28451df600
SHA1 a2b451be4f9b4250454d64b268f2f2bc25e87505
SHA256 4906cec55a66ef53a3e4dd1d09b244fcecc02ba37d2f017b6f44904f1d8bce06
SHA512 09c4f774b3a66d96c84c700832f54073d997fb585f65ef907aeac5f8c7f07d03c62adb6ef8c6fa6aee202a6b06ba96fcdc79dbb9a4b495bb96f0c46bb15d968a

C:\Program Files\VideoLAN\VLC\plugins\access\libdtv_plugin.dll

MD5 a137f71c6dde9f60cfca58f280feead8
SHA1 f298d0231a4aeed11b21a9b14c4fe20e9db4714d
SHA256 6851a0bc1a53d80f5007757c2421a0e317a8b0c79a6ef3dad8c078db9b6d6fb4
SHA512 d37c16e9fce24a893d1c2d9c50a8972ae016e4fefe620db8d867e2b6f405cbc501868c88c914e77fbac03ded58bdda8f21296d10210327abeb64d377c3c6a63c

C:\Program Files\VideoLAN\VLC\vlc.exe

MD5 3740507a1dc4ff4cb5c6e52652c10c20
SHA1 b2c8a0a736fe81c101f4ab4cd6be8099c3f902b3
SHA256 6a72cc8649a63b017844c4c1f3885a250d1a982ffe5f1e58b6f1432fe9198e62
SHA512 d5299859a6121c6ae5813be61648ca1f005970ebe34a8217d05b570ffbd4651f64ad7b3a7bf5129e708e07b36e097333f754b213e73d5fe9246347afd8fa3c22

C:\Program Files\VideoLAN\VLC\uninstall.log

MD5 2919ed2afc1c36b6df363cf0076c6eed
SHA1 85ebade8abc5af3737c07a68316b20232a97769f
SHA256 8d5516220abb5309d96f0344425d8606758bfe2ebb60dd946f84ba20683a97ca
SHA512 978a9aa5f285357250e7cf3792432a3b66ddb7dd95437d13846f66211aa0da572f59fab6518daea95c6eee022ff2eb80653343d5f410100c6d452569cf9b9df1