78f4accdfe82fceb7a536dc733d0775c8da7d8e0ced61f3f0175254ec3fbc8ef

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
06/03/2024, 15:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

YOITV1.0.0.2/YoiTV_1.0.0.2.exe
Size

15.0MB
MD5

d08dfa10f3350ef2b9baa3121bcf6097
SHA1

8c8ea94c1f95ae6c37829fcb092d6e3ccb9d81d4
SHA256

abd3bee9a5a3461c6beb58ab34f7068833c520620ff82702fde14fc5d5ffe770
SHA512

327037167cf08d03383cc42b884b79b6b14ca1f4968aa8bc99bbb17c1f174471a012a485da00fb1d31400d863b5e1e222ba1390d81eb98138cb8bdcc1e5bd6fb
SSDEEP

393216:wvdNPx+87LDJw2iD2nCAt9MKcoY3cL5bE+/morrJYX7I2HXMo:G+GLXPnCasokKxmErwXMo

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
4908	YoiTV_1.0.0.2.tmp
2152	YoiTV.exe

Loads dropped DLL 21 IoCs

pid	Process
2152	YoiTV.exe
2152	YoiTV.exe
2152	YoiTV.exe
2152	YoiTV.exe
2152	YoiTV.exe
2152	YoiTV.exe
2152	YoiTV.exe
2152	YoiTV.exe
2152	YoiTV.exe
2152	YoiTV.exe
2152	YoiTV.exe
2152	YoiTV.exe
2152	YoiTV.exe
2152	YoiTV.exe
2152	YoiTV.exe
2152	YoiTV.exe
2152	YoiTV.exe
2152	YoiTV.exe
2152	YoiTV.exe
2152	YoiTV.exe
2152	YoiTV.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 2 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\D:	YoiTV.exe
File opened (read-only)	\??\F:	YoiTV.exe

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
67	ip-api.com

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	YoiTV.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	YoiTV.exe

Enumerates system info in registry 2 TTPs 5 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	YoiTV.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	YoiTV.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-399997616-3400990511-967324271-1000\{87112841-C556-4C42-A9A8-9F49EC37A51A}	msedge.exe

NTFS ADS 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming:.grab_device_id	YoiTV.exe
File opened for modification	C:\Users\Admin\AppData\Roaming:.grab_device_id	YoiTV.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2152	YoiTV.exe

Suspicious behavior: EnumeratesProcesses 13 IoCs

pid	Process
4908	YoiTV_1.0.0.2.tmp
4908	YoiTV_1.0.0.2.tmp
2152	YoiTV.exe
2152	YoiTV.exe
444	msedge.exe
444	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
5304	identity_helper.exe
5304	identity_helper.exe
6084	msedge.exe
6084	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2152	YoiTV.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
4908	YoiTV_1.0.0.2.tmp
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2152	YoiTV.exe
2152	YoiTV.exe
2152	YoiTV.exe
2152	YoiTV.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5052 wrote to memory of 4908	5052	YoiTV_1.0.0.2.exe	89
PID 5052 wrote to memory of 4908	5052	YoiTV_1.0.0.2.exe	89
PID 5052 wrote to memory of 4908	5052	YoiTV_1.0.0.2.exe	89
PID 4908 wrote to memory of 2152	4908	YoiTV_1.0.0.2.tmp	102
PID 4908 wrote to memory of 2152	4908	YoiTV_1.0.0.2.tmp	102
PID 4908 wrote to memory of 2152	4908	YoiTV_1.0.0.2.tmp	102
PID 1804 wrote to memory of 4296	1804	msedge.exe	110
PID 1804 wrote to memory of 4296	1804	msedge.exe	110
PID 1804 wrote to memory of 3020	1804	msedge.exe	111
PID 1804 wrote to memory of 3020	1804	msedge.exe	111
PID 1804 wrote to memory of 3020	1804	msedge.exe	111
PID 1804 wrote to memory of 3020	1804	msedge.exe	111
PID 1804 wrote to memory of 3020	1804	msedge.exe	111
PID 1804 wrote to memory of 3020	1804	msedge.exe	111
PID 1804 wrote to memory of 3020	1804	msedge.exe	111
PID 1804 wrote to memory of 3020	1804	msedge.exe	111
PID 1804 wrote to memory of 3020	1804	msedge.exe	111
PID 1804 wrote to memory of 3020	1804	msedge.exe	111
PID 1804 wrote to memory of 3020	1804	msedge.exe	111
PID 1804 wrote to memory of 3020	1804	msedge.exe	111
PID 1804 wrote to memory of 3020	1804	msedge.exe	111
PID 1804 wrote to memory of 3020	1804	msedge.exe	111
PID 1804 wrote to memory of 3020	1804	msedge.exe	111
PID 1804 wrote to memory of 3020	1804	msedge.exe	111
PID 1804 wrote to memory of 3020	1804	msedge.exe	111
PID 1804 wrote to memory of 3020	1804	msedge.exe	111
PID 1804 wrote to memory of 3020	1804	msedge.exe	111
PID 1804 wrote to memory of 3020	1804	msedge.exe	111
PID 1804 wrote to memory of 3020	1804	msedge.exe	111
PID 1804 wrote to memory of 3020	1804	msedge.exe	111
PID 1804 wrote to memory of 3020	1804	msedge.exe	111
PID 1804 wrote to memory of 3020	1804	msedge.exe	111
PID 1804 wrote to memory of 3020	1804	msedge.exe	111
PID 1804 wrote to memory of 3020	1804	msedge.exe	111
PID 1804 wrote to memory of 3020	1804	msedge.exe	111
PID 1804 wrote to memory of 3020	1804	msedge.exe	111
PID 1804 wrote to memory of 3020	1804	msedge.exe	111
PID 1804 wrote to memory of 3020	1804	msedge.exe	111
PID 1804 wrote to memory of 3020	1804	msedge.exe	111
PID 1804 wrote to memory of 3020	1804	msedge.exe	111
PID 1804 wrote to memory of 3020	1804	msedge.exe	111
PID 1804 wrote to memory of 3020	1804	msedge.exe	111
PID 1804 wrote to memory of 3020	1804	msedge.exe	111
PID 1804 wrote to memory of 3020	1804	msedge.exe	111
PID 1804 wrote to memory of 3020	1804	msedge.exe	111
PID 1804 wrote to memory of 3020	1804	msedge.exe	111
PID 1804 wrote to memory of 3020	1804	msedge.exe	111
PID 1804 wrote to memory of 3020	1804	msedge.exe	111
PID 1804 wrote to memory of 444	1804	msedge.exe	112
PID 1804 wrote to memory of 444	1804	msedge.exe	112
PID 1804 wrote to memory of 1412	1804	msedge.exe	113
PID 1804 wrote to memory of 1412	1804	msedge.exe	113
PID 1804 wrote to memory of 1412	1804	msedge.exe	113
PID 1804 wrote to memory of 1412	1804	msedge.exe	113
PID 1804 wrote to memory of 1412	1804	msedge.exe	113
PID 1804 wrote to memory of 1412	1804	msedge.exe	113
PID 1804 wrote to memory of 1412	1804	msedge.exe	113
PID 1804 wrote to memory of 1412	1804	msedge.exe	113
PID 1804 wrote to memory of 1412	1804	msedge.exe	113
PID 1804 wrote to memory of 1412	1804	msedge.exe	113
PID 1804 wrote to memory of 1412	1804	msedge.exe	113
PID 1804 wrote to memory of 1412	1804	msedge.exe	113
PID 1804 wrote to memory of 1412	1804	msedge.exe	113
PID 1804 wrote to memory of 1412	1804	msedge.exe	113

C:\Users\Admin\AppData\Local\Temp\YOITV1.0.0.2\YoiTV_1.0.0.2.exe
"C:\Users\Admin\AppData\Local\Temp\YOITV1.0.0.2\YoiTV_1.0.0.2.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:5052
- C:\Users\Admin\AppData\Local\Temp\is-EP4G7.tmp\YoiTV_1.0.0.2.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-EP4G7.tmp\YoiTV_1.0.0.2.tmp" /SL5="$D006C,15388834,121344,C:\Users\Admin\AppData\Local\Temp\YOITV1.0.0.2\YoiTV_1.0.0.2.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:4908
- - C:\Users\Admin\AppData\Local\YoiTV\bin\YoiTV.exe
    "C:\Users\Admin\AppData\Local\YoiTV\bin\YoiTV.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Enumerates connected drives
    - Checks processor information in registry
    - Enumerates system info in registry
    - NTFS ADS
    - Suspicious behavior: AddClipboardFormatListener
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SetWindowsHookEx
    PID:2152

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xf8,0x12c,0x7ffcc70e46f8,0x7ffcc70e4708,0x7ffcc70e4718
  2⤵
  PID:4296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,16817903449489960153,8855794040531920041,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2032 /prefetch:2
  2⤵
  PID:3020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,16817903449489960153,8855794040531920041,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,16817903449489960153,8855794040531920041,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:8
  2⤵
  PID:1412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,16817903449489960153,8855794040531920041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:2272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,16817903449489960153,8855794040531920041,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,16817903449489960153,8855794040531920041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
  2⤵
  PID:1068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,16817903449489960153,8855794040531920041,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:1516
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,16817903449489960153,8855794040531920041,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5360 /prefetch:8
  2⤵
  PID:5288
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,16817903449489960153,8855794040531920041,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5360 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,16817903449489960153,8855794040531920041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
  2⤵
  PID:5484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,16817903449489960153,8855794040531920041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1
  2⤵
  PID:5756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2076,16817903449489960153,8855794040531920041,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5540 /prefetch:8
  2⤵
  PID:6076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2076,16817903449489960153,8855794040531920041,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5700 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:6084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,16817903449489960153,8855794040531920041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
  2⤵
  PID:2572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,16817903449489960153,8855794040531920041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
  2⤵
  PID:5676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,16817903449489960153,8855794040531920041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:5744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,16817903449489960153,8855794040531920041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1
  2⤵
  PID:5988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,16817903449489960153,8855794040531920041,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
  2⤵
  PID:5516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,16817903449489960153,8855794040531920041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6228 /prefetch:1
  2⤵
  PID:5216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,16817903449489960153,8855794040531920041,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6324 /prefetch:1
  2⤵
  PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,16817903449489960153,8855794040531920041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
  2⤵
  PID:6108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,16817903449489960153,8855794040531920041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2776 /prefetch:1
  2⤵
  PID:5796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,16817903449489960153,8855794040531920041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:1
  2⤵
  PID:6120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,16817903449489960153,8855794040531920041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6220 /prefetch:1
  2⤵
  PID:1172

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4480

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2500

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x394 0x498
1⤵
PID:5476

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e0811105475d528ab174dfdb69f935f3

SHA1
dd9689f0f70a07b4e6fb29607e42d2d5faf1f516

SHA256
c91388c87878a9e2c530c6096dbdd993b0a26fefe8ad797e0133547225032d6c

SHA512
8374a721ea3ff3a1ea70d8a074e5c193dbba27ba7e301f19cea89d648b2378c376e48310c33fe81078cd40b1863daec935e8ac22e8e3878dc3a5bb529d028852

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
47b2c6613360b818825d076d14c051f7

SHA1
7df7304568313a06540f490bf3305cb89bc03e5c

SHA256
47a22bea2e7d0154c59bf5d8790ec68274eb05e9fa6cf0eab0d648121f1a02ac

SHA512
08d2366fc1ce87dbe96b9bf997e4c59c9206fcfea47c1f17b01e79aeb0580f25cac5c7349bb453a50775b2743053446653f4129f835f81f4a8547ca392557aac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
69KB

MD5
a127a49f49671771565e01d883a5e4fa

SHA1
09ec098e238b34c09406628c6bee1b81472fc003

SHA256
3f208f049ffaf4a7ed808bf0ff759ce7986c177f476b380d0076fd1f5482fca6

SHA512
61b54222e54e7ab8743a2d6ca3c36768a7b2cf22d5689a3309dee9974b1f804533720ea9de2d3beab44853d565a94f1bc0e60b9382997abcf03945219f98d734

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
31KB

MD5
143851213a8c9bb73c3df32d032b5fbf

SHA1
9a08b253f9298b3a0abfd2848765893b9f684bcd

SHA256
9e9b586a3286d9c7df98e2b06517acf8cd21079a7e9d4c319233a8db6baa964c

SHA512
baebf636d3650998cbce2a986e88eec4f75016b7936d095c58330bc30c59138bbda32d19bebbb57b26f582285d1f8840b70b93ce55e5d58fc2fbc5a6c7311188

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
1.1MB

MD5
ae6fba4a8a4923ae8fb23bbe54365bb4

SHA1
fb04d11d5f8433a5149dbbf05323cdbcbdfaf3c5

SHA256
d3effbeee1babe87697c39dab95237973aef8f4755a273b3a04b6585d927f7f3

SHA512
275b997c5819b5c360b1f5f1a8239e6f7e1631a0c75677a4d428c8a25e03400314e8eca58f54af524fb93c3b609b7c47e60ae05a7ba874651ed58b54281a2ed5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
547aa0f07183b7f876cf83f2cde88151

SHA1
6a3dc45823e334f8958f9657fcfe594122d3fec7

SHA256
30cfa885a1051a13bc1e37ccaf2a5a199a398c2bdaf52a0ad38ad3079f6892ed

SHA512
cc4747954e948c9cdae20e142ebfdcb872b36396c83a616fba79c2bd6f83fc5fd6506854fb64e306e7e7709c0cb34746fa59b96a9f4cce3f5d9b3cc2bea62178

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
703B

MD5
e5f0edf1199fb86ce904484cffb50467

SHA1
c12f843ffaf08e51b5122e826f0de4a9706cdb32

SHA256
d59c6a2ca3bcaf6cd5b0f9d235d19f6edfdb491fda861835df5099304bf39f5a

SHA512
41bbcbfafaedb8b888fc1fffae757ea16506f27b3ad96c0254d4bfa29d7c5051816508fa91540d816b3dedbbf0c17a6d46478c3523f73a9b65079a4a8baa0231

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a171e8279a2d9ae29408de53fa043528

SHA1
d54a19545fff263d53ddbc62515af181bb731d0a

SHA256
9106459c9d2c32fd38c8a4036724c1ca9d40c95ff8d54ecb618dafe0d89998d5

SHA512
4a4f9a6ca8d7bab76ea4890a7ae9e82126f328a38e91d7ae2451506e8ca76677834c1bd8219c8bc24b23c5f283c8e64601f00c5788ec6bbaaba985198e704c0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9405be9c64b09bd704e7592e7fb96a33

SHA1
715ff074e3cde448659e24ea13bae59f2e385f9a

SHA256
2257261e0ed978cc811400feb9a9fc110903a1b75c42c9fbe24d3b3a8a8bd457

SHA512
90f5f1ea533391f2e523d93ad87a029c5bd76f593f2d0356309ef6ea9f5c88c7cb24abf0994ba9f78f63f917ae6d22502860544a7d48f904018393d3676739cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ace77f393438d7e648ab43b7642987c0

SHA1
0a01da56914eab50221a7212cc3af0d1791890d3

SHA256
85ad8a71f1be2d7134456a1c975b3d414a7e4f6b53c7f0a866a269c0323b8df3

SHA512
a6d9bcf307accf8b0d600b874394c23467ff8a735135fc0fd18e01a97bda2e7b05fdccce1b647eb80f33d13b58efd1ecbd1b7f36f2e5b7431660512bb4f791c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9b10ab09074cfed752c14cbbce1b027f

SHA1
8d032bca0d11596c50bfafd6d7bba78fe067ff08

SHA256
26da567b0adf58145f0b1c2bc6144633b7ac6ca233b7973e2684a8fedfe7e4a6

SHA512
f8843bea5af8b9ce7d1c618fe75729c903303ec6719f8db5e497d3d783983c392e945612ba7a00c0f197ff4c349d18ef3a0218e28662373afd4888666faf8e34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
46457b83bb5b1775c48354f9c4801ac3

SHA1
a6a431e23ec2c8ab8c16c7dfcd641ea1ed4c3b31

SHA256
d7e9af94cb87d21de3134440fd15e2527e201552884ac4b77b2f2dbfde7432ca

SHA512
cd165bdcaf0b2606d9e5857b3f8e5ababfadb2776785ccd8870383645ef853c5b303c223ee58814a336e757684624a7bc4991b14bd1997ed14afa112ae0a0a51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
f6d5c53bbd9e35ae2d03f6f4ff896c30

SHA1
94365c3d4688f6ee24a694b7ae6a0e972c9f73e7

SHA256
dea565b118982c82f095bcb4f316e0afba1c057bf9004acd9268928490588035

SHA512
ac6c0b679387e207291c730a5e735d440d0ebf8b6c0b1c2a3714d544d1197818ce82ab14d0169f1ba5b4175076b6b432add75de5bddbb431c0e6dbd48364f605

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58eec0.TMP

Filesize
538B

MD5
584ea42c32ed7058c98a4fb94a8514d0

SHA1
3599677ad14663eaa24cb84e70312ae8f64907de

SHA256
bb580fd1fc449bb35519573f3ac9e70eebf7e4b7689fd20d18956657fbec9f91

SHA512
d9a4ebe627d2d0706cf565d9a55d7563e7368fdbbf6d45583aa29d86e2972969db8dfbe2380631977f58daa14c9fff1547a2b3e9a987ba3537c8cb2b870851c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5e0be841d3c86f10fc7e21f7726187c9

SHA1
cba235642e6dd356fd5a3d138c8183ac1ccce3bf

SHA256
052b1ac92096bbcc5cca2d5312a48791d3441d81037d2a654919f9b586b9922f

SHA512
9cfd480f14c781e208ae9e50eeec474a1e4b4c1812d7d3657ff380a283173de61595f784a713cc25e19ad44c3cbb7bfbb2a8aea9523b0e6958ca34bfaf8f15a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
704024bb5674007023881f6f4811ee42

SHA1
bb6444426f83959725de737caa21a9117212da76

SHA256
31299997ae168641a508c43a628a59e37b2b4282c8d634c0d04ebabc1963d370

SHA512
8ef557e6de14d88cdb10dd733c2a7c36559a21653f4bf20577a0b1effa6fdfc6574908fb0c084f2ba4a4a57323e5a5a96920a57f8b97edc2497cc0e11543fced

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-EP4G7.tmp\YoiTV_1.0.0.2.tmp

Filesize
1.1MB

MD5
34acc2bdb45a9c436181426828c4cb49

SHA1
5adaa1ac822e6128b8d4b59a54d19901880452ae

SHA256
9c81817acd4982632d8c7f1df3898fca1477577738184265d735f49fc5480f07

SHA512
134ff4022571efd46f7a62e99b857ebe834e9916c786345908010f9e1fb90be226b740ddee16ae9290fe45c86be7238c4555e422abe66a461d11545e19734beb

Download Submit
C:\Users\Admin\AppData\Local\YoiTV\bin\LIBEAY32.dll

Filesize
968KB

MD5
02122b2a494a7d91f731e0bd6ecc438b

SHA1
5f23f4f0e49a7d658145005ac1cd5a77dd89d453

SHA256
d6f8f18d349974119ed55c54934124a932a6b99582224f573dd7c058852ecbb3

SHA512
9990711c32083814ef9b278b47db6c16943363c721039190242a93c1c1ac4e8d6a33e3ed751e5df2593895fd17f5c4bc0db48ad5a27f6d34adad3854ac02f928

Download Submit
C:\Users\Admin\AppData\Local\YoiTV\bin\Qt5Core.dll

Filesize
1.6MB

MD5
3477146194cb997924b0fb5b6f58c53d

SHA1
5f1e2843bcd88f3204ea215e9e595f32ed31fd76

SHA256
9fdf5078791b55ad5be3a92c4f1ae4331bc6252b013dc2443a66a23b9e2029a0

SHA512
c6efe8515aec8d41c49aed7f05e0aef7399c70bbbd0951eea8240147c36fbfdc36da20e07483d894a28f908a25b8c34e5229598f10a7a94bb31b3bd90f3b325c

Download Submit
C:\Users\Admin\AppData\Local\YoiTV\bin\Qt5Core.dll

Filesize
4.6MB

MD5
077a70b7279baba4fcdc8c0396dcf62c

SHA1
f59e39ab7da4d58b1526fa3b30130fdb436d3bd1

SHA256
1bdb19b20510b72a428012ad7c751b2320f54668c2f8b763716ba20622a8a706

SHA512
7b71bee0c52e8b6da1d7ce81d751f6fed16a47d875f1df7c73dbc986b830b4eaf69bd22301b36b9821664454500d97ba7957e5216ef730e5f741e3854f9be48d

Download Submit
C:\Users\Admin\AppData\Local\YoiTV\bin\Qt5Core.dll

Filesize
4.1MB

MD5
ea6cb702e9dfaffedd9ea8e5577cd3ec

SHA1
01064d59cf1571a20d0cf6e3bced41f3b83f83b8

SHA256
86813425ebefc97e0ff9d03d770705119d972b0467301da08b397b200e592682

SHA512
ebaceb7eeeb4b15e9951cb9f8ecc3706ddc63d8d339eb30162625e7f2108d28a5fe0e097d40262162c169e0666d1c778896039552b41f8288ead49326ae663f7

Download Submit
C:\Users\Admin\AppData\Local\YoiTV\bin\Qt5Gui.dll

Filesize
896KB

MD5
cfb15624da23e97d68972a2c9248c9f0

SHA1
0a33606aac961f564fd0b2b92b2ee8d85049bb40

SHA256
9c69328541a5cf67d831144419240337b62db608bf3233f95b3b1c45251e7e41

SHA512
6565f0c3ae914be7096ddd2a92eeb07f1ace6261ed5f3b436e4190c6bcb9f5bef94b3b9d6d73f67ffaeb6f6f2d4101b5ab262e95800bddeb1cfc59d6e8d0495c

Download Submit
C:\Users\Admin\AppData\Local\YoiTV\bin\Qt5Gui.dll

Filesize
4.5MB

MD5
9be053a6fc6ea0183947a6eda648e9b8

SHA1
4a870c05d8e529d98995c8b8a644036a115c9c57

SHA256
3f32d91e42f1507098091416eef59f686f13b8caaa0a80b66db04533f131930e

SHA512
4cc8316f1d48fe36d42a928fdde70f6c93ac111cb373034dbda15e14ef9dff9a7d8086c27d370ae126570247c2630caed1f12d222a913aa5cfd6afc549775d28

Download Submit
C:\Users\Admin\AppData\Local\YoiTV\bin\Qt5Network.dll

Filesize
949KB

MD5
e513725bfe1911fea0075dc4ab2b6575

SHA1
a9247b1e088995839a4c5d6ab8df32cc8c60909b

SHA256
0ab8c65276b79d15c5eb5bdf994562d49246f4f616d0129ecbe6c719d705ca34

SHA512
f0dbfe2ce1ca95f7e8c081d524aec9c50b21fc25e404c114c6bf310f25814ad01f29b3917d81c6f6faf6364094b5c3491c40e6964fed8d1058866d806fb0d14d

Download Submit
C:\Users\Admin\AppData\Local\YoiTV\bin\Qt5Network.dll

Filesize
832KB

MD5
82c0effb9a651588de09b61cf288de65

SHA1
f10eed56da3773be7e614b3e44457862e4f7a270

SHA256
8653435ba56e3cf2ffb1667182845c2d8838fd311df2128ff4691001c3cdc59c

SHA512
a4d0529e71a57a82674f80a8dd268419efb7ee9bf16be3c86ccdc74b722fd2ceda9f0bef93d9afdaf5a50171fa49c445954785112f423cba3f4c5d4b1c3c13cd

Download Submit
C:\Users\Admin\AppData\Local\YoiTV\bin\Qt5Widgets.dll

Filesize
704KB

MD5
79dd1aaa0bdcf9c773c9b2d172fd3ece

SHA1
681bd9aa25b100ec7b8b7bc40c0bc05ea5ce9786

SHA256
236a8b793b06f4661dc2996988d3dc99a196e40bb1ffe590ed02463e3378d9cd

SHA512
93c3b11620c84e346d4a783a2eb2dfbe8366893836d0f6eb624293909d7b0e5c94f22d05aa41d55b1acd9a8d53b844dc70ba27dfc76d56762ba82b4da5830f3f

Download Submit
C:\Users\Admin\AppData\Local\YoiTV\bin\Qt5Widgets.dll

Filesize
512KB

MD5
9a54d04ae694363f3abc74533c1024aa

SHA1
0b7d41c79e16769d985312ea0971785351877852

SHA256
439aac78b3f10e8c47efd9064641e944a56f577f7e58c33248beb44e32fa764a

SHA512
b1f447506d097b50222fbbf066c8953d321a6ebe2d6f8d36498cd0f1843d2728cd37f00b57f340a7d2bdfea313bdcb4e629e7dd92e8962ee19f03a70f369b0f5

Download Submit
C:\Users\Admin\AppData\Local\YoiTV\bin\SDL2.dll

Filesize
640KB

MD5
75665efd8f0d4236e7ed42c4b45589f8

SHA1
ae027e76928e3108a274211736dd041f4403d300

SHA256
51eec0282c9320cfd063841f87142c8efd64df18cd4926f585d21509e0819950

SHA512
79c2ba2a6d43682b50cc5e160e79300c865917edd41204fa5e984404db403bef981161e6b0460909496333fd0312285c5b506708e82f7d135ef5e4ab122314fc

Download Submit
C:\Users\Admin\AppData\Local\YoiTV\bin\SDL2.dll

Filesize
448KB

MD5
434e951225279fbb43d76a428ecec868

SHA1
1f66b3f2645ec4e52b40cddfa4f77424313fd33b

SHA256
177156414a969dfe719a4acee05cddc521fbf3d5a5d3a7de2b7dcd47254688ab

SHA512
3b8c10b6fe10f30afb1a333641a6c901ed910ea8ef08bbfe0d08ccabf38c49b4fbea8b9b32c4efe6c64871afb59f7242fc087d06e8c66bf341a66764ffb77530

Download Submit
C:\Users\Admin\AppData\Local\YoiTV\bin\YoiTV.exe

Filesize
8.5MB

MD5
7631d0dbf6246ee11254efb41eaf0a4e

SHA1
d1b701181a883f89017f0e25309dcdf0aaf1507d

SHA256
9742bb13a7f5c0d75fa1f645673b1e5797ca6ef3071be882ee24d449558252ed

SHA512
fbd070978dd0f6783555a3b58749ce359c7626d08212367b4aa2da76cd562084cb874cd62f2ec730dd1a30fd7aeac29567cd335c36dcfa537d8d42007cf11c44

Download Submit
C:\Users\Admin\AppData\Local\YoiTV\bin\YoiTV.exe

Filesize
2.1MB

MD5
b136f6fa2694723e5d0fe17fc3e6ead7

SHA1
8695e82f5ed2c72a57e97e0a56682b267ef2852d

SHA256
6ba3a014458ef693e361955ae57e0ce926baca183d9d1c3f12f549c8f42943af

SHA512
c43fc3070d797124d54f0438579d1ac71bd2dc2b87f9d4e231956a6fef21930ff3c091fca09a2bcac2a134d31c1555947fe1d8371fc5e5bb5ab1da2a806ac90d

Download Submit
C:\Users\Admin\AppData\Local\YoiTV\bin\YoiTV.exe

Filesize
1024KB

MD5
b446d12fbd11707631bf6eacae9c615c

SHA1
cc6de0d5b32f74cf7803ce7c9fdb55625da52072

SHA256
4cd5f7580d1e77a4e402e9f73206ad409e313dff9ed7dc02149c3ca2d21f8c24

SHA512
33b049fb8e4205622e80daa76992356a1a50ab176e507b796304bc2214bfe4a211123d1115df68fd6a2c66117ac8e79ca2b8ba9b33e07b8e7c8855f98496683d

Download Submit
C:\Users\Admin\AppData\Local\YoiTV\bin\YoiTV.rcc

Filesize
818KB

MD5
33a22e860c8dfc4b5d003ca0fdc236fc

SHA1
729734ffa29f96417eb72a6adf48253caa34abed

SHA256
4fe336650334dfb57a0b4ff70a960dfef76aa32b723794d60ea0fcdca743a1db

SHA512
955b91575056dc29d8e1432beda41f1574cbc3869b613d2f4aa72f3d3fec6e746ecf5c8a278b8fae9c12c6d5994e647c972e1f2bce93e460ff1fdadd658ce79c

Download Submit
C:\Users\Admin\AppData\Local\YoiTV\bin\avcodec-57.dll

Filesize
896KB

MD5
11c93bcfff3fdf7b1cbbba4a3b187177

SHA1
026106cc374044a5334a2ff0aaaae7f848a3778f

SHA256
8401a81e1ae0ca6ec7312c3724ce4677af98856cdfce2b0ed6845909d7aca6a6

SHA512
6bc1e7707926a88a48c70ccc0229f7b3a0a0d9251bae6f5f7b4c15d7b2a1e921767cd4b23bf70324d773b871705d6539c69cff2aaa6287a725a2fc0e3e0b52d5

Download Submit
C:\Users\Admin\AppData\Local\YoiTV\bin\avcodec-57.dll

Filesize
704KB

MD5
c8e7d17f5077ff8dbaf087905a58db70

SHA1
24b6ea8dd287cba2fec5c4344def93f53b191b60

SHA256
83fa8ffa8a211c3834f0a4c975314d626d647194f30936614beb2d5738857d42

SHA512
38846d84bff8c82b789e64bdd78ce5f3c72b00912b6a1bd0c72724d5f3cc7f9d3ce0f260b3c9506fec8a9879110b5900d15db3461ab507838d2322542bad5f8b

Download Submit
C:\Users\Admin\AppData\Local\YoiTV\bin\avutil-55.dll

Filesize
631KB

MD5
5a25e862976f96b0f3966b6c0bb7cd5a

SHA1
44a29b97f8aa00148290c780a3fa8576f1ec35ae

SHA256
38efcb9ff84d4f0a4e4a03e848e0c591ecf0eebaefb9107ea95fac68c3271796

SHA512
8a87dd9a782ad5aa744a07b427639b3c5e2493f78a8b155392a4dc4c5100950c911016f3180c4a20ee62022538293c3f90bb7ea7334f4ec8fa4a71a4a6d47aaa

Download Submit
C:\Users\Admin\AppData\Local\YoiTV\bin\imageformats\qgif.dll

Filesize
25KB

MD5
6150083a49dfa25d038fd8189687a249

SHA1
31d23e51cdc18f59d0b4ea3f5f7ec8c70f192366

SHA256
3c229a39a0760f515357f3e4430dca391c88eb4aafb8831be6922449f6429377

SHA512
076be7eddcfbda5c01a44e0656816a8bd4ba9849eed83b25045c1bbe79030ff4248ebe5ffa9bf6fe10fac5ac0eaed0f71e7e85ba7356b955c4dd72658006dabc

Download Submit
C:\Users\Admin\AppData\Local\YoiTV\bin\imageformats\qico.dll

Filesize
26KB

MD5
27c9b9c02ff86839e53f1c96cd9deae0

SHA1
a08de584a2b5ef57a22a2e550109c501829a5f33

SHA256
46527799271b40444dc866ffb9bec4c0d95d367833b633004aab88727cb966bc

SHA512
5aab7bf925ab72b6fd7ec2decb1383a5b75f5c2f91329f073d4aba5bb9bc2399f957af0ff762e323a1ead825dea9ebdca1663af78bfbfee920246db0f08e9154

Download Submit
C:\Users\Admin\AppData\Local\YoiTV\bin\imageformats\qjpeg.dll

Filesize
290KB

MD5
1d7f974658b7a8dadb1f7f38a397bba8

SHA1
07212e622e7f9bb66eb78c6a9bf7e1b7e6b8d5a0

SHA256
4351011506f7490ff2bcb21429c9622322e0f1f70c9f2afb54929f034603e452

SHA512
52c1e62f6c9e1fbd865ea3632cd0133412f5e8d73512fda8b48763e45a45402cedbc4dcca1235bba1818a488b92987bbfa41e798d873c60d64c5a5bd1ce594a1

Download Submit
C:\Users\Admin\AppData\Local\YoiTV\bin\languages\English.qm

Filesize
25KB

MD5
11f277ea055c4b5a76b0751aa4d6e957

SHA1
e9206ea06d4cfc4c51a1789f887d58887a021055

SHA256
f1653d5e86c0f947938b5a319a3f08cc1bcb75b68dc0431380548ef9cc4d529b

SHA512
79247718e4bdeef8bfa81491b94ac1905f793b556ff5f2a5154462429c2cbaa3da6843507afb649c431d3b1881b887ce9d426513555f895983ada79d0cffc3cd

Download Submit
C:\Users\Admin\AppData\Local\YoiTV\bin\libeay32.dll

Filesize
911KB

MD5
eb4546c8a966b9aef13e6c980023c108

SHA1
24fa707953410944b1397d4570dee0a71b0ea608

SHA256
060a1b80119852eff391116fcdde9ff669699f6c78fd72a7f193591a38dfbad6

SHA512
8f732886c0c9f0b9be083ad51e6a66c7cdaf20feb25e85f78f61f85f656ba5ce5806efb3152880d9dfa5fe3bb4b315d9862e2b1f25f58e75b4f8b897750779e5

Download Submit
C:\Users\Admin\AppData\Local\YoiTV\bin\libgcc_s_dw2-1.dll

Filesize
117KB

MD5
009de6456e4b54ede728b6075162d133

SHA1
416a22ce05c9216d039e5014bbaad20573ea4397

SHA256
9e70cc599187c349420ceb6f985a337fc511503cee892de04e5d0dbed7bb397c

SHA512
b24ae182fdc574a00b222275d87268e2434f5e42aed22ef6ed4754bfc6c7f3c215c7dede89540c61a12684dfddc09240a7b88aea850dc9e61bdd47408ccc8597

Download Submit
C:\Users\Admin\AppData\Local\YoiTV\bin\libstdc++-6.dll

Filesize
448KB

MD5
bf2582ec533f7d979f28542eac0f1502

SHA1
5740a1f9ea96118d0fd2398f22356d501ad3e912

SHA256
d016c06b04d5e61d8d87725b0685abed268fe75f6ad9de4b541ff26db3daaa02

SHA512
04de74ef2811a3c63e12782df2a38884ead410bd945743276bf34320dcb6b2200a95b370a11a6ef56039ba3dbb4286a76f493a3420ca835b58bdb6a7975fb4dc

Download Submit
C:\Users\Admin\AppData\Local\YoiTV\bin\libstdc++-6.dll

Filesize
384KB

MD5
251251ec5108a9e527539898191c6970

SHA1
80af3e1924034ccc949324a8acf87403ecf9fe61

SHA256
12239b1d3ffeba4d4b3bc100790a418df7c9dd023598bbfe8a35e13e6307843c

SHA512
0074782406cb782a0ec58c6fe4ddcd4b04b240658be14b02af7bdffa9281113e9f0dbc963909884ab3aee06aa52e7b0c9145a414a946f25120996c4359a5ae35

Download Submit
C:\Users\Admin\AppData\Local\YoiTV\bin\msvcp140.dll

Filesize
446KB

MD5
b33902774ce0eded02b0cf1b54622736

SHA1
05c4ffb6b9b9ba8a56b7a3187b7d100ab20fe8d5

SHA256
8cabbd2ad374da8e58374c6915592d217966e7ea7e0d4038aa21a2d92a5a0612

SHA512
bb7b40d3907ec7d96ed2827067b9b727bf8cc660be21d8aa40267ed25c44bf06b54654af669c5a47dbb321b3d46275780c00fffbc15a7af0c5bee03bdc3d1988

Download Submit
C:\Users\Admin\AppData\Local\YoiTV\bin\platforms\qwindows.dll

Filesize
1.1MB

MD5
20df6b127fdee3816e83b549246fcc14

SHA1
876b0a7dfc0ee11b52a0c27b5055f83bff79f503

SHA256
29e10ebcfcf697c3881f87b1a005eed6602c236470c933b887a6255f6a0848b4

SHA512
620d7b2366f24b80abbc6c186e7ff9ee59ad995aa7756f98c9c05f508d4ecc234cde9d272894b0d22bd1ce7d9a8a1ca519560ef58beaca76923f0386954ef0c0

Download Submit
C:\Users\Admin\AppData\Local\YoiTV\bin\ssleay32.dll

Filesize
272KB

MD5
b721f2dee8c20c0834fbcf70f198e69a

SHA1
469aa4b48b961d107a5b16927d9058acc421af55

SHA256
bcf3d99c3b5bd553edb4bad5902d513d454ff7dfe0b2c290d9166c45e3a0157d

SHA512
a590907ea7b13b746c0410133868883043d3de4b86150bbd755359d697426ac24abc8d6a71e61f9a7745c200e6717c42c1fd027fd914a5b0aa02b91643fef361

Download Submit
C:\Users\Admin\AppData\Local\YoiTV\bin\swresample-2.dll

Filesize
123KB

MD5
7bff1e86310a1afde38f2d5f516c664b

SHA1
9a6cab026d1e60d46e55d64a2adae1e21c38e1b5

SHA256
e649ccad6000af488ea60ab964250fc60524af03118ecb48789a89e693d809bb

SHA512
a2c3a6ef6bf31c64068b205c87a1ed5ac132c1480b1eb471b08c10564511d66947a4501f376f7d16c5e0e76485e321058d9de4f538a0ce1f20ba7b082275927b

Download Submit
C:\Users\Admin\AppData\Local\YoiTV\bin\swscale-4.dll

Filesize
532KB

MD5
4b64db7abe49f1ab2667756b5033adc2

SHA1
fe9afe1e11c10e626e15592338ecc393a4355251

SHA256
113c6dbc28da2e646f5fa8257720d896d413ea774869a7792b6d8042803a545b

SHA512
5db13af0873564671f524c2232fd16aafd17c010ede5963dd400fac9ac5a5aea58abaa6fbcc476de73a4e5cddb3503ac756834f7d099a7ba25b978c4f057f9e4

Download Submit
C:\Users\Admin\AppData\Local\YoiTV\bin\vcruntime140.dll

Filesize
85KB

MD5
cc5902b7b94f0e213e02225238723aed

SHA1
5fff49fc19f8f426ffd360fed3e1a59f0f70feb4

SHA256
dacddfb8c14e2532f6418a3f6460e4206dc578a5338c540e340bc208a4e0685f

SHA512
6f4aa64e3e0db7d9851a9863b578dd1f07d6cb5277f2cac870b402aeeddc7259ee110acc24b465280ccfc006057756a570395cab319844c751d5913ab0d98d1e

Download Submit
C:\Users\Admin\Desktop\YoiTV.lnk

Filesize
1KB

MD5
7c6631b11eaf325a69b832f0655eb92a

SHA1
d12960ffa61c9297b6b80d2f23b22d8fa99fa80b

SHA256
67c70417a50ea9928684bcb38a5ae170ffa9c472bc3c9300fe973f1548bbe574

SHA512
47dd2e7978aac309f54aa568575c702eb7fea9d1d163e68436da3527f0ab85276a568d14de3e035e53f90a506041152cce5e07cb317895e4edfd44baae67d82b

Download Submit
memory/2152-191-0x0000000072720000-0x00000000727B6000-memory.dmp

Filesize
600KB

Download
memory/2152-205-0x0000000000400000-0x0000000000C80000-memory.dmp

Filesize
8.5MB

Download
memory/2152-163-0x00000000727C0000-0x000000007287B000-memory.dmp

Filesize
748KB

Download
memory/2152-168-0x0000000000400000-0x0000000000C80000-memory.dmp

Filesize
8.5MB

Download
memory/2152-195-0x000000006FE40000-0x000000006FFC2000-memory.dmp

Filesize
1.5MB

Download
memory/2152-190-0x0000000072880000-0x00000000731A9000-memory.dmp

Filesize
9.2MB

Download
memory/2152-193-0x000000006C740000-0x000000006C84E000-memory.dmp

Filesize
1.1MB

Download
memory/2152-192-0x00000000726F0000-0x0000000072717000-memory.dmp

Filesize
156KB

Download
memory/2152-194-0x000000006EB40000-0x000000006EB64000-memory.dmp

Filesize
144KB

Download
memory/4908-11-0x0000000000700000-0x0000000000701000-memory.dmp

Filesize
4KB

Download
memory/4908-126-0x0000000000400000-0x000000000052E000-memory.dmp

Filesize
1.2MB

Download
memory/4908-166-0x0000000000400000-0x000000000052E000-memory.dmp

Filesize
1.2MB

Download
memory/4908-8-0x0000000000400000-0x000000000052E000-memory.dmp

Filesize
1.2MB

Download
memory/4908-5-0x0000000000700000-0x0000000000701000-memory.dmp

Filesize
4KB

Download
memory/5052-0-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/5052-169-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/5052-7-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download