Analysis Overview
Threat Level: Known bad
The file https://mega.nz/folder/NS83jazB#MqObg2t6GAd90aKbpzj9Yw/file/UeckXbJD was found to be: Known bad.
Malicious Activity Summary
Xworm
Detect Xworm Payload
Registers COM server for autorun
Drops startup file
Loads dropped DLL
Executes dropped EXE
Adds Run key to start application
Checks installed software on the system
Drops file in Program Files directory
Enumerates physical storage devices
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious behavior: GetForegroundWindowSpam
Modifies system certificate store
Creates scheduled task(s)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: AddClipboardFormatListener
Uses Task Scheduler COM API
NTFS ADS
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Checks processor information in registry
Suspicious use of FindShellTrayWindow
Modifies registry class
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-26 20:26
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-26 20:26
Reported
2024-05-26 20:28
Platform
win11-20240508-en
Max time kernel
151s
Max time network
153s
Command Line
Signatures
Detect Xworm Payload
Xworm
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WINDOWS.lnk | C:\Users\Admin\AppData\Local\Temp\WINDOWS.EXE | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WINDOWS.lnk | C:\Users\Admin\AppData\Local\Temp\WINDOWS.EXE | N/A |
Executes dropped EXE
Loads dropped DLL
Registers COM server for autorun
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A3FCE0F5-3493-419F-958A-ABA1250EC20B}\InprocServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A3FCE0F5-3493-419F-958A-ABA1250EC20B}\InprocServer32\ = "C:\\Program Files\\obs-studio\\data\\obs-plugins\\win-dshow\\obs-virtualcam-module64.dll" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A3FCE0F5-3493-419F-958A-ABA1250EC20B}\InprocServer32\ThreadingModel = "Both" | C:\Windows\system32\regsvr32.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000\Software\Microsoft\Windows\CurrentVersion\Run\WINDOWS = "C:\\Users\\Admin\\AppData\\Roaming\\WINDOWS.EXE" | C:\Users\Admin\AppData\Local\Temp\WINDOWS.EXE | N/A |
Checks installed software on the system
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\obs-studio\data\obs-plugins\obs-outputs\locale\ja-JP.ini | C:\Users\Admin\AppData\Local\Temp\FAKE CALL STUDIO.EXE | N/A |
| File opened for modification | C:\Program Files\obs-studio\data\obs-plugins\obs-outputs\locale\nn-NO.ini | C:\Users\Admin\AppData\Local\Temp\FAKE CALL STUDIO.EXE | N/A |
| File opened for modification | C:\Program Files\obs-studio\data\obs-plugins\win-capture\locale\en-US.ini | C:\Users\Admin\AppData\Local\Temp\FAKE CALL STUDIO.EXE | N/A |
| File created | C:\Program Files\obs-studio\data\obs-plugins\obs-vst\locale\eu-ES.ini | C:\Users\Admin\AppData\Local\Temp\FAKE CALL STUDIO.EXE | N/A |
| File created | C:\Program Files\obs-studio\data\obs-plugins\text-freetype2\locale\nl-NL.ini | C:\Users\Admin\AppData\Local\Temp\FAKE CALL STUDIO.EXE | N/A |
| File created | C:\Program Files\obs-studio\bin\64bit\imageformats\qsvg.dll | C:\Users\Admin\AppData\Local\Temp\FAKE CALL STUDIO.EXE | N/A |
| File opened for modification | C:\Program Files\obs-studio\data\obs-plugins\obs-browser-page\locale\az-AZ.ini | C:\Users\Admin\AppData\Local\Temp\FAKE CALL STUDIO.EXE | N/A |
| File opened for modification | C:\Program Files\obs-studio\data\obs-plugins\obs-ffmpeg\locale\bg-BG.ini | C:\Users\Admin\AppData\Local\Temp\FAKE CALL STUDIO.EXE | N/A |
| File created | C:\Program Files\obs-studio\data\obs-plugins\obs-transitions\luma_wipes\sinus9.png | C:\Users\Admin\AppData\Local\Temp\FAKE CALL STUDIO.EXE | N/A |
| File opened for modification | C:\Program Files\obs-studio\data\obs-plugins\win-capture\locale\sr-SP.ini | C:\Users\Admin\AppData\Local\Temp\FAKE CALL STUDIO.EXE | N/A |
| File opened for modification | C:\Program Files\obs-studio\data\obs-plugins\rtmp-services\locale\tl-PH.ini | C:\Users\Admin\AppData\Local\Temp\FAKE CALL STUDIO.EXE | N/A |
| File created | C:\Program Files\obs-studio\data\obs-plugins\frontend-tools\locale\ka-GE.ini | C:\Users\Admin\AppData\Local\Temp\FAKE CALL STUDIO.EXE | N/A |
| File created | C:\Program Files\obs-studio\data\obs-plugins\image-source\locale\id-ID.ini | C:\Users\Admin\AppData\Local\Temp\FAKE CALL STUDIO.EXE | N/A |
| File created | C:\Program Files\obs-studio\data\obs-plugins\text-freetype2\locale\gl-ES.ini | C:\Users\Admin\AppData\Local\Temp\FAKE CALL STUDIO.EXE | N/A |
| File created | C:\Program Files\obs-studio\data\obs-scripting\64bit\obslua.pdb | C:\Users\Admin\AppData\Local\Temp\FAKE CALL STUDIO.EXE | N/A |
| File opened for modification | C:\Program Files\obs-studio\data\obs-plugins\obs-vst\locale\hi-IN.ini | C:\Users\Admin\AppData\Local\Temp\FAKE CALL STUDIO.EXE | N/A |
| File created | C:\Program Files\obs-studio\data\obs-plugins\aja\locale\ar-SA.ini | C:\Users\Admin\AppData\Local\Temp\FAKE CALL STUDIO.EXE | N/A |
| File created | C:\Program Files\obs-studio\data\obs-plugins\obs-browser-page\locale\fi-FI.ini | C:\Users\Admin\AppData\Local\Temp\FAKE CALL STUDIO.EXE | N/A |
| File created | C:\Program Files\obs-studio\obs-plugins\64bit\locales\ur.pak | C:\Users\Admin\AppData\Local\Temp\FAKE CALL STUDIO.EXE | N/A |
| File opened for modification | C:\Program Files\obs-studio\data\obs-plugins\vlc-video\locale\it-IT.ini | C:\Users\Admin\AppData\Local\Temp\FAKE CALL STUDIO.EXE | N/A |
| File opened for modification | C:\Program Files\obs-studio\data\obs-studio\themes\Rachni\radio_unchecked_focus.png | C:\Users\Admin\AppData\Local\Temp\FAKE CALL STUDIO.EXE | N/A |
| File created | C:\Program Files\obs-studio\data\obs-plugins\obs-x264\locale\de-DE.ini | C:\Users\Admin\AppData\Local\Temp\FAKE CALL STUDIO.EXE | N/A |
| File created | C:\Program Files\obs-studio\data\obs-plugins\vlc-video\locale\bn-BD.ini | C:\Users\Admin\AppData\Local\Temp\FAKE CALL STUDIO.EXE | N/A |
| File created | C:\Program Files\obs-studio\data\obs-plugins\win-dshow\locale\pt-BR.ini | C:\Users\Admin\AppData\Local\Temp\FAKE CALL STUDIO.EXE | N/A |
| File opened for modification | C:\Program Files\obs-studio\data\obs-plugins\image-source\locale\sl-SI.ini | C:\Users\Admin\AppData\Local\Temp\FAKE CALL STUDIO.EXE | N/A |
| File created | C:\Program Files\obs-studio\data\obs-plugins\obs-text\locale\fi-FI.ini | C:\Users\Admin\AppData\Local\Temp\FAKE CALL STUDIO.EXE | N/A |
| File opened for modification | C:\Program Files\obs-studio\data\obs-plugins\win-capture\locale\bn-BD.ini | C:\Users\Admin\AppData\Local\Temp\FAKE CALL STUDIO.EXE | N/A |
| File created | C:\Program Files\obs-studio\data\obs-plugins\obs-outputs\locale\ur-PK.ini | C:\Users\Admin\AppData\Local\Temp\FAKE CALL STUDIO.EXE | N/A |
| File created | C:\Program Files\obs-studio\data\obs-plugins\obs-vst\locale\ka-GE.ini | C:\Users\Admin\AppData\Local\Temp\FAKE CALL STUDIO.EXE | N/A |
| File created | C:\Program Files\obs-studio\data\obs-plugins\win-capture\locale\sr-SP.ini | C:\Users\Admin\AppData\Local\Temp\FAKE CALL STUDIO.EXE | N/A |
| File created | C:\Program Files\obs-studio\data\obs-plugins\obs-browser\locale\gl-ES.ini | C:\Users\Admin\AppData\Local\Temp\FAKE CALL STUDIO.EXE | N/A |
| File created | C:\Program Files\obs-studio\data\obs-studio\locale\be-BY.ini | C:\Users\Admin\AppData\Local\Temp\FAKE CALL STUDIO.EXE | N/A |
| File opened for modification | C:\Program Files\obs-studio\data\obs-plugins\decklink\locale\uk-UA.ini | C:\Users\Admin\AppData\Local\Temp\FAKE CALL STUDIO.EXE | N/A |
| File opened for modification | C:\Program Files\obs-studio\data\obs-plugins\obs-text\locale\nn-NO.ini | C:\Users\Admin\AppData\Local\Temp\FAKE CALL STUDIO.EXE | N/A |
| File opened for modification | C:\Program Files\obs-studio\data\obs-studio\themes\Light\mute.svg | C:\Users\Admin\AppData\Local\Temp\FAKE CALL STUDIO.EXE | N/A |
| File created | C:\Program Files\obs-studio\data\obs-plugins\obs-qsv11\locale\de-DE.ini | C:\Users\Admin\AppData\Local\Temp\FAKE CALL STUDIO.EXE | N/A |
| File opened for modification | C:\Program Files\obs-studio\data\obs-plugins\coreaudio-encoder\locale\nn-NO.ini | C:\Users\Admin\AppData\Local\Temp\FAKE CALL STUDIO.EXE | N/A |
| File opened for modification | C:\Program Files\obs-studio\data\obs-plugins\rtmp-services\locale\zh-CN.ini | C:\Users\Admin\AppData\Local\Temp\FAKE CALL STUDIO.EXE | N/A |
| File opened for modification | C:\Program Files\obs-studio\data\obs-plugins\win-wasapi\locale\et-EE.ini | C:\Users\Admin\AppData\Local\Temp\FAKE CALL STUDIO.EXE | N/A |
| File opened for modification | C:\Program Files\obs-studio\data\obs-plugins\win-wasapi\locale\sl-SI.ini | C:\Users\Admin\AppData\Local\Temp\FAKE CALL STUDIO.EXE | N/A |
| File opened for modification | C:\Program Files\obs-studio\data\obs-plugins\frontend-tools\locale\eu-ES.ini | C:\Users\Admin\AppData\Local\Temp\FAKE CALL STUDIO.EXE | N/A |
| File opened for modification | C:\Program Files\obs-studio\data\obs-studio\locale\et-EE.ini | C:\Users\Admin\AppData\Local\Temp\FAKE CALL STUDIO.EXE | N/A |
| File created | C:\Program Files\obs-studio\data\obs-plugins\obs-outputs\locale\hi-IN.ini | C:\Users\Admin\AppData\Local\Temp\FAKE CALL STUDIO.EXE | N/A |
| File opened for modification | C:\Program Files\obs-studio\obs-plugins\64bit\locales\fa.pak | C:\Users\Admin\AppData\Local\Temp\FAKE CALL STUDIO.EXE | N/A |
| File opened for modification | C:\Program Files\obs-studio\data\obs-plugins\win-wasapi\locale\es-ES.ini | C:\Users\Admin\AppData\Local\Temp\FAKE CALL STUDIO.EXE | N/A |
| File opened for modification | C:\Program Files\obs-studio\data\obs-plugins\win-wasapi\locale\th-TH.ini | C:\Users\Admin\AppData\Local\Temp\FAKE CALL STUDIO.EXE | N/A |
| File created | C:\Program Files\obs-studio\data\obs-plugins\image-source\locale\it-IT.ini | C:\Users\Admin\AppData\Local\Temp\FAKE CALL STUDIO.EXE | N/A |
| File created | C:\Program Files\obs-studio\data\obs-plugins\obs-x264\locale\en-US.ini | C:\Users\Admin\AppData\Local\Temp\FAKE CALL STUDIO.EXE | N/A |
| File created | C:\Program Files\obs-studio\data\obs-studio\themes\Dark\settings\video.svg | C:\Users\Admin\AppData\Local\Temp\FAKE CALL STUDIO.EXE | N/A |
| File opened for modification | C:\Program Files\obs-studio\data\obs-plugins\obs-websocket\locale\hy-AM.ini | C:\Users\Admin\AppData\Local\Temp\FAKE CALL STUDIO.EXE | N/A |
| File opened for modification | C:\Program Files\obs-studio\data\obs-plugins\win-capture\locale\uk-UA.ini | C:\Users\Admin\AppData\Local\Temp\FAKE CALL STUDIO.EXE | N/A |
| File opened for modification | C:\Program Files\obs-studio\data\obs-plugins\win-capture\get-graphics-offsets64.exe | C:\Users\Admin\AppData\Local\Temp\FAKE CALL STUDIO.EXE | N/A |
| File created | C:\Program Files\obs-studio\data\libobs\solid.effect | C:\Users\Admin\AppData\Local\Temp\FAKE CALL STUDIO.EXE | N/A |
| File created | C:\Program Files\obs-studio\data\obs-studio\themes\Rachni\radio_checked.png | C:\Users\Admin\AppData\Local\Temp\FAKE CALL STUDIO.EXE | N/A |
| File opened for modification | C:\Program Files\obs-studio\data\obs-plugins\aja\locale\eu-ES.ini | C:\Users\Admin\AppData\Local\Temp\FAKE CALL STUDIO.EXE | N/A |
| File opened for modification | C:\Program Files\obs-studio\data\obs-plugins\image-source\locale\bn-BD.ini | C:\Users\Admin\AppData\Local\Temp\FAKE CALL STUDIO.EXE | N/A |
| File created | C:\Program Files\obs-studio\data\obs-plugins\image-source\locale\kab-KAB.ini | C:\Users\Admin\AppData\Local\Temp\FAKE CALL STUDIO.EXE | N/A |
| File created | C:\Program Files\obs-studio\data\obs-plugins\obs-text\locale\lt-LT.ini | C:\Users\Admin\AppData\Local\Temp\FAKE CALL STUDIO.EXE | N/A |
| File created | C:\Program Files\obs-studio\data\obs-studio\themes\Acri\radio_checked.png | C:\Users\Admin\AppData\Local\Temp\FAKE CALL STUDIO.EXE | N/A |
| File opened for modification | C:\Program Files\obs-studio\data\obs-plugins\obs-vst\locale\sv-SE.ini | C:\Users\Admin\AppData\Local\Temp\FAKE CALL STUDIO.EXE | N/A |
| File created | C:\Program Files\obs-studio\data\obs-plugins\obs-transitions\locale\es-ES.ini | C:\Users\Admin\AppData\Local\Temp\FAKE CALL STUDIO.EXE | N/A |
| File created | C:\Program Files\obs-studio\data\obs-plugins\win-capture\locale\ca-ES.ini | C:\Users\Admin\AppData\Local\Temp\FAKE CALL STUDIO.EXE | N/A |
| File created | C:\Program Files\obs-studio\data\obs-plugins\win-capture\graphics-hook64.pdb | C:\Users\Admin\AppData\Local\Temp\FAKE CALL STUDIO.EXE | N/A |
| File created | C:\Program Files\obs-studio\data\obs-studio\locale\cs-CZ.ini | C:\Users\Admin\AppData\Local\Temp\FAKE CALL STUDIO.EXE | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\obs-studio\bin\64bit\obs64.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\obs-studio\bin\64bit\obs64.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\obs-studio\bin\64bit\obs64.exe | N/A |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\schtasks.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A3FCE0F5-3493-419F-958A-ABA1250EC20B}\InprocServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{860BB310-5D01-11d0-BD3B-00A0C911CE86}\Instance | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{860BB310-5D01-11d0-BD3B-00A0C911CE86}\Instance\{A3FCE0F5-3493-419F-958A-ABA1250EC20B}\CLSID = "{A3FCE0F5-3493-419F-958A-ABA1250EC20B}" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{860BB310-5D01-11d0-BD3B-00A0C911CE86}\Instance\{A3FCE0F5-3493-419F-958A-ABA1250EC20B}\FriendlyName = "OBS Virtual Camera" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A3FCE0F5-3493-419F-958A-ABA1250EC20B}\InprocServer32\ = "C:\\Program Files\\obs-studio\\data\\obs-plugins\\win-dshow\\obs-virtualcam-module32.dll" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{860BB310-5D01-11d0-BD3B-00A0C911CE86}\Instance\{A3FCE0F5-3493-419F-958A-ABA1250EC20B}\FilterData = 02000000000020000100000000000000307069330800000000000000010000000000000000000000307479330000000038000000480000007669647300001000800000aa00389b714e56313200001000800000aa00389b71 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A3FCE0F5-3493-419F-958A-ABA1250EC20B}\ = "OBS Virtual Camera" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A3FCE0F5-3493-419F-958A-ABA1250EC20B}\InprocServer32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A3FCE0F5-3493-419F-958A-ABA1250EC20B}\InprocServer32\ = "C:\\Program Files\\obs-studio\\data\\obs-plugins\\win-dshow\\obs-virtualcam-module64.dll" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\Instance\{A3FCE0F5-3493-419F-958A-ABA1250EC20B} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{860BB310-5D01-11d0-BD3B-00A0C911CE86}\Instance\{A3FCE0F5-3493-419F-958A-ABA1250EC20B} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\Instance\{A3FCE0F5-3493-419F-958A-ABA1250EC20B} | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{860BB310-5D01-11d0-BD3B-00A0C911CE86}\Instance\{A3FCE0F5-3493-419F-958A-ABA1250EC20B} | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A3FCE0F5-3493-419F-958A-ABA1250EC20B}\InprocServer32\ThreadingModel = "Both" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A3FCE0F5-3493-419F-958A-ABA1250EC20B} | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A3FCE0F5-3493-419F-958A-ABA1250EC20B}\ = "OBS Virtual Camera" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86} | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{860BB310-5D01-11d0-BD3B-00A0C911CE86}\Instance\{A3FCE0F5-3493-419F-958A-ABA1250EC20B}\FilterData = 02000000000020000100000000000000307069330800000000000000010000000000000000000000307479330000000038000000480000007669647300001000800000aa00389b714e56313200001000800000aa00389b71 | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A3FCE0F5-3493-419F-958A-ABA1250EC20B} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{860BB310-5D01-11d0-BD3B-00A0C911CE86}\Instance\{A3FCE0F5-3493-419F-958A-ABA1250EC20B}\CLSID = "{A3FCE0F5-3493-419F-958A-ABA1250EC20B}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{860BB310-5D01-11d0-BD3B-00A0C911CE86}\Instance | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A3FCE0F5-3493-419F-958A-ABA1250EC20B}\InprocServer32\ThreadingModel = "Both" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{860BB310-5D01-11d0-BD3B-00A0C911CE86}\Instance\{A3FCE0F5-3493-419F-958A-ABA1250EC20B}\FriendlyName = "OBS Virtual Camera" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C | C:\Program Files\obs-studio\bin\64bit\obs64.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob | C:\Program Files\obs-studio\bin\64bit\obs64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A | C:\Program Files\obs-studio\bin\64bit\obs64.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob | C:\Program Files\obs-studio\bin\64bit\obs64.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Fake Call Studio..zip:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\WINDOWS.EXE | N/A |
| N/A | N/A | C:\Program Files\obs-studio\bin\64bit\obs64.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\obs-studio\bin\64bit\obs64.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\WINDOWS.EXE | N/A |
| N/A | N/A | C:\Program Files\obs-studio\data\obs-plugins\win-capture\get-graphics-offsets64.exe | N/A |
| N/A | N/A | C:\Program Files\obs-studio\data\obs-plugins\win-capture\get-graphics-offsets32.exe | N/A |
| N/A | N/A | C:\Program Files\obs-studio\bin\64bit\obs64.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mega.nz/folder/NS83jazB#MqObg2t6GAd90aKbpzj9Yw/file/UeckXbJD
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffcfa663cb8,0x7ffcfa663cc8,0x7ffcfa663cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1944,2564185779317601382,13214119987810674590,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1952 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1944,2564185779317601382,13214119987810674590,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1944,2564185779317601382,13214119987810674590,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2660 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,2564185779317601382,13214119987810674590,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,2564185779317601382,13214119987810674590,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1944,2564185779317601382,13214119987810674590,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5344 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1944,2564185779317601382,13214119987810674590,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5376 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E8 0x00000000000004CC
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,2564185779317601382,13214119987810674590,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,2564185779317601382,13214119987810674590,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,2564185779317601382,13214119987810674590,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,2564185779317601382,13214119987810674590,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1944,2564185779317601382,13214119987810674590,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5980 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,2564185779317601382,13214119987810674590,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1944,2564185779317601382,13214119987810674590,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5772 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\AppData\Local\Temp\Temp1_Fake Call Studio..zip\Fake Call Studio.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_Fake Call Studio..zip\Fake Call Studio.exe"
C:\Users\Admin\AppData\Local\Temp\FAKE CALL STUDIO.EXE
"C:\Users\Admin\AppData\Local\Temp\FAKE CALL STUDIO.EXE"
C:\Users\Admin\AppData\Local\Temp\WINDOWS.EXE
"C:\Users\Admin\AppData\Local\Temp\WINDOWS.EXE"
C:\Windows\System32\schtasks.exe
"C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "WINDOWS" /tr "C:\Users\Admin\AppData\Roaming\WINDOWS.EXE"
C:\Users\Admin\AppData\Local\Temp\nsu4B0.tmp\check_for_64bit_visual_studio_2019_runtimes.exe
C:\Users\Admin\AppData\Local\Temp\nsu4B0.tmp\check_for_64bit_visual_studio_2019_runtimes.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\obs-studio\data\obs-plugins\win-dshow\obs-virtualcam-module32.dll"
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\obs-studio\data\obs-plugins\win-dshow\obs-virtualcam-module64.dll"
C:\Windows\system32\regsvr32.exe
/s "C:\Program Files\obs-studio\data\obs-plugins\win-dshow\obs-virtualcam-module64.dll"
C:\Windows\explorer.exe
"C:\Windows\explorer.exe" "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio\OBS Studio (64bit).lnk"
C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
C:\Program Files\obs-studio\bin\64bit\obs64.exe
"C:\Program Files\obs-studio\bin\64bit\obs64.exe"
C:\Program Files\obs-studio\data\obs-plugins\enc-amf\enc-amf-test64.exe
../../data/obs-plugins/enc-amf/enc-amf-test64.exe
C:\Program Files\obs-studio\bin\64bit\obs-qsv-test.exe
"C:/Program Files/obs-studio/bin/64bit/obs-qsv-test.exe" 4F87 50C5
C:\Program Files\obs-studio\data\obs-plugins\win-capture\get-graphics-offsets64.exe
../../data/obs-plugins/win-capture/get-graphics-offsets64.exe
C:\Program Files\obs-studio\data\obs-plugins\win-capture\get-graphics-offsets32.exe
../../data/obs-plugins/win-capture/get-graphics-offsets32.exe
C:\Program Files\obs-studio\obs-plugins\64bit\obs-browser-page.exe
"C:\Program Files\obs-studio\obs-plugins\64bit\obs-browser-page.exe" --type=gpu-process --no-sandbox --log-severity=disable --user-agent-product="Chrome/103.0.5060.134 OBS/29.0.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --parent_pid=5832 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Users\Admin\AppData\Roaming\obs-studio\plugin_config\obs-browser\debug.log" --mojo-platform-channel-handle=4508 --field-trial-handle=4880,i,11266456950298330976,15141799980637133331,131072 --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,WinUseBrowserSpellChecker /prefetch:2
C:\Program Files\obs-studio\obs-plugins\64bit\obs-browser-page.exe
"C:\Program Files\obs-studio\obs-plugins\64bit\obs-browser-page.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --no-sandbox --log-severity=disable --user-agent-product="Chrome/103.0.5060.134 OBS/29.0.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --parent_pid=5832 --log-file="C:\Users\Admin\AppData\Roaming\obs-studio\plugin_config\obs-browser\debug.log" --mojo-platform-channel-handle=5008 --field-trial-handle=4880,i,11266456950298330976,15141799980637133331,131072 --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,WinUseBrowserSpellChecker /prefetch:8
C:\Program Files\obs-studio\obs-plugins\64bit\obs-browser-page.exe
"C:\Program Files\obs-studio\obs-plugins\64bit\obs-browser-page.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --user-agent-product="Chrome/103.0.5060.134 OBS/29.0.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --parent_pid=5832 --log-file="C:\Users\Admin\AppData\Roaming\obs-studio\plugin_config\obs-browser\debug.log" --mojo-platform-channel-handle=5028 --field-trial-handle=4880,i,11266456950298330976,15141799980637133331,131072 --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,WinUseBrowserSpellChecker /prefetch:8
C:\Program Files\obs-studio\obs-plugins\64bit\obs-browser-page.exe
"C:\Program Files\obs-studio\obs-plugins\64bit\obs-browser-page.exe" --type=renderer --log-severity=disable --user-agent-product="Chrome/103.0.5060.134 OBS/29.0.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --parent_pid=5832 --no-sandbox --autoplay-policy=no-user-gesture-required --log-file="C:\Users\Admin\AppData\Roaming\obs-studio\plugin_config\obs-browser\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=5244 --field-trial-handle=4880,i,11266456950298330976,15141799980637133331,131072 --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,WinUseBrowserSpellChecker /prefetch:1
C:\Program Files\obs-studio\obs-plugins\64bit\obs-browser-page.exe
"C:\Program Files\obs-studio\obs-plugins\64bit\obs-browser-page.exe" --type=renderer --log-severity=disable --user-agent-product="Chrome/103.0.5060.134 OBS/29.0.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --parent_pid=5832 --no-sandbox --autoplay-policy=no-user-gesture-required --log-file="C:\Users\Admin\AppData\Roaming\obs-studio\plugin_config\obs-browser\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=5252 --field-trial-handle=4880,i,11266456950298330976,15141799980637133331,131072 --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,WinUseBrowserSpellChecker /prefetch:1
C:\Users\Admin\AppData\Roaming\WINDOWS.EXE
C:\Users\Admin\AppData\Roaming\WINDOWS.EXE
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1944,2564185779317601382,13214119987810674590,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5544 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,2564185779317601382,13214119987810674590,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,2564185779317601382,13214119987810674590,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3676 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,2564185779317601382,13214119987810674590,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6576 /prefetch:1
Network
Files
| MD5 | 2bea6bba887906ec79c1c40fbbb9e588 |
| SHA1 | a1780611f51f830783118664e9c424cbef5aaf6b |
| SHA256 | 699aad31267e2ba355d1dcd99387777114d407ebc84a92bdb13a0caa6e3a2b5e |
| SHA512 | 5770a37953bcdbecf203c3f679ddd771ce7003c44c3c49acbe7804fd064c76c446ab743966a0b034ee393786d817a6d1832fabeae90307a9426aebb242f59bd2 |
C:\Program Files\obs-studio\data\obs-plugins\obs-browser-page\locale\tr-TR.ini
| MD5 | d5059752887ae52673b8ec648bd184ad |
| SHA1 | f4992c171c950491768321cf40c8d77864a15c97 |
| SHA256 | a1446bfd2b76fc4df75b6caf11aee04fdf82231ee982a7465d5be2946cbf1f0f |
| SHA512 | 44f61a0337c92a934e7b8bb1c26420acafa6e4d62284ea6476f24474a4c998d5d6eee9b19d7ebd56df8b0218fcab1295d159dd6c86cd658cae08056972ee9294 |
C:\Program Files\obs-studio\data\obs-plugins\obs-browser-page\locale\uk-UA.ini
| MD5 | 8121688cb5456c37fe92ea1a792a3e3c |
| SHA1 | 9f80b8b8777ace77805b3894083310e538379913 |
| SHA256 | 6776fb0cfef2a6dcfdb77021d9fd9396f85c42c2d185450d84c9fe7e4ccb1e3b |
| SHA512 | 478c0df5f5261337f3dcdbef7c1f4dc6196041eacd07d3e4b4e2d4280269ec80037203899f7961d6ea215d632f1d95123cd9158d38c65283c263a8d184a85ca9 |
C:\Program Files\obs-studio\data\obs-plugins\obs-browser-page\locale\zh-CN.ini
| MD5 | ee2f7ab2d1d006908465816549518737 |
| SHA1 | 3cc57476429bb536b8bed47399cf38f27c8d8eab |
| SHA256 | 97a100a390cf8bb5efa64c1ff1369d4c16ea66b6163b56bee52496bbcbdaf4d0 |
| SHA512 | a5ae8453938cc0bfbdb00bf01bebdce1d2aefeef21bd537efd20b6d1fd2b72085c2d7c14f9a9d5d06d61d885b4b016a862aea30eb90eff97987a489d6122ddf0 |
C:\Program Files\obs-studio\data\obs-plugins\obs-browser-page\locale\zh-TW.ini
| MD5 | 210e8e8e28ed7fdbfe1454b992c5494c |
| SHA1 | 929f937b05b2e5fac20ec277a7b254b0c85e5d6a |
| SHA256 | f4f0617ceb2268781a91bc3985db0b13322b1e6417ca41f8a2e1833332bf960e |
| SHA512 | 79731751695623eebe1fcc6f14bab8c448ee80ebe669812e9b367bd0708b86421c45a5c03a11b3158aa59a6faa8d371012d50acd1a6e18b2a2971171d12cd4d9 |
C:\Program Files\obs-studio\data\obs-plugins\obs-text\locale\sr-CS.ini
| MD5 | 9902f8f948327de43afe0401e1f01427 |
| SHA1 | 570bbc50f7444244db06181f4675395eec849636 |
| SHA256 | 5e730a09bd90808ec16124a50ec51b39bcc9463360bd9dacdb1c79a7568660a8 |
| SHA512 | 514d665e5848f64499a81e3e6a73461e4d3de42ed1514adfc941d5e893c65e42d6d7bca89f1079912db4834bbc20649253e5ec9be4937456baade7a227242bff |
C:\Program Files\obs-studio\data\obs-plugins\win-wasapi\locale\sr-CS.ini
| MD5 | 29a020a076a1c890004dea9e8a4032b0 |
| SHA1 | 910b00f38e5c44a17bd37f6c4ebf3a12bbde14be |
| SHA256 | 78998d70ce8593034807c8848fb5f724dbbb38b10ba706022f77c38aaa5e7736 |
| SHA512 | 906a0d43eefe2720ac21d257b81cfd3d0135954007fdd61991ad5770e84e4eb45077c62a651f6bbf449fd72a29ebffe6d18cf9ba6ef2f24d3fe8c9cf53a35a0b |
C:\Program Files\obs-studio\data\obs-studio\themes\Dark\media\media_pause.svg
| MD5 | 0622e49ab812fbf546065cbad92967ff |
| SHA1 | b6aa640d608fe86b7778e876ea4954b0ee656aad |
| SHA256 | 576c5a9c87b23a8056313142906906cc91550353fab1bfd0f6d72c096562f825 |
| SHA512 | bf6f967cc4c64409070776b3c99becfc0e27b644a9ac59b18221df19e3f6a40d70b766d5bd7bcf5de3b304ea880dfa3c5399bb45327469871fba1152a40301bc |
C:\Program Files\obs-studio\data\obs-studio\themes\Dark\sources\media.svg
| MD5 | 3dbd8444f27eaaa3a0736f7325bfd205 |
| SHA1 | b6d0f49bbcefc2ebf9179f0df1be96d6ab8f0e9c |
| SHA256 | fba634eeb70059f9ea171acc44657db6bb9d43204b18c99340393dcd48642ab0 |
| SHA512 | 34f4f4b768cee5213b43a33cb73964438847120e6b285832732fc7859f6db0cc8877ebf8988771fcf24774bc102a1f67cd44a127eeadc8eb2f7fd4c495cf7bc4 |
C:\Program Files\obs-studio\data\obs-studio\themes\Light\mute.svg
| MD5 | e026122ed46de977c4159c9105338d40 |
| SHA1 | a6a70fd02b5887e1122e04c09a259d1bd697bd8e |
| SHA256 | 0a96f8637dda33b6bd56d8795734faf8408a90cfe3e3066f22bc41cbabfa7a33 |
| SHA512 | 1e89eae9ceeab647ad9503de480913d08b2dc29ec255ad56db76c6bae31ebc0f5cb5b4f3dae6287b26fc891de1f85ecb1c99e780e440753898ff9478216950a8 |
C:\Program Files\obs-studio\data\obs-studio\themes\Light\media\media_pause.svg
| MD5 | 47322e3540c489359ddf705bbfa7508f |
| SHA1 | b58e15bef70c5782792604f21ea0183fefcd5e0f |
| SHA256 | 6f2b52f414b06557e7c6b3e690332d2af2e65347255d274762c13152101842fa |
| SHA512 | 64ffe7641bd47cf950e5dd87ef73e2e2e1062193a841a28ba8b8f7a5fb0ec9b641c8e37824072ead1b5bc616c1ad2b4e283fa94f93a2e4cc931b29895fca040b |
C:\Program Files\obs-studio\data\obs-studio\themes\Light\sources\media.svg
| MD5 | f321f421c11804104323cf033e8e921c |
| SHA1 | 6f6c3adc942d9c839a7d40be12a32ca7e4c275eb |
| SHA256 | c1da89bc3a0d03b90cea6af14129e25b5b69bed17bf79e0641d284408e4f2fde |
| SHA512 | 1895bc23d580e65c821c615c318f007d853145353afde7c0347e038660080d2621e209815bd10bfc4002955dd4f0154951d4cffe47d30b550f389f030ce87373 |
C:\Program Files\obs-studio\data\obs-studio\themes\Rachni\checkbox_checked_focus.png
| MD5 | 0ca13c84736f193c4ddc36408b63eb79 |
| SHA1 | daf222b1b08d7f2645fdc2e25e63be2aa50e9b79 |
| SHA256 | 9b7da86b40e8fe9da37ba2a4337c9bce14b07153a9722dd3de7772c1c5933ded |
| SHA512 | 1f95694e920b1be5a7d9a4c4f7eabccde8326965d8b1e3211085c67e84229f76300aed6ae29e2d79e817857cfe7608919233057fad6fda3bf515c59f3604099c |
C:\Program Files\obs-studio\data\obs-studio\themes\Rachni\sizegrip.png
| MD5 | 3cc9de00b77ffe788eb826b8608cad0c |
| SHA1 | d7ea0e97469cd971b8e00ee564a540f24a9f1752 |
| SHA256 | 31582f8295152ee22f44910556be5c2280934214a0ea3db73897a4c93cef34e3 |
| SHA512 | ed0f66eb14fd12f5a6e52825d209cf74e48be44933e2702f790ad0024b31d2f4c998d87e04f14fc80fb56bc6b2a257907a2a143334e79ae0cbc07e264ebb0c96 |
C:\ProgramData\obs-studio-hook\graphics-hook32.dll
| MD5 | 824aa4f68dddf4388269d2836d9b940e |
| SHA1 | 272fc50e6c8c80e32631302fcf03ae4292be0e07 |
| SHA256 | a3e38c01c7d59c678e0dc3c0b7c3fe6d3a0dfe3ad0ae6a4301919423887a094d |
| SHA512 | 60c04efe4c54e24dbdda516e4f68596f5dd210fdfa9454c5bc672ae70d942ac4a08527bee1e7af263046609412443414f4a04e9d0a3eed8584cb4fd4a0e64ee6 |
C:\Program Files\obs-studio\bin\64bit\obs64.exe
| MD5 | 2c6951f198f7ee4aaab9f16be137d84a |
| SHA1 | edb4323ae536bb00df9df56ddef87dcca23f119f |
| SHA256 | 291c2f070367f3f2cf4248d0a5a4ff5f5da9c8e842477adebb9d6367da66209d |
| SHA512 | 77dbaa444908fe8a6ff06f6cacd1889dcfd37c35330154a2299c375056b8f65924de54635e52f3572ed10824e456b91dade17fbc0f1cb594706d01d69380ebf2 |
C:\Users\Admin\AppData\Local\Temp\nsu4B0.tmp\ioSpecial.ini
| MD5 | dc79c383a716c72a8d1b4099101570b7 |
| SHA1 | 71d4a319e4dcdbc3c10337514fc3f52b3e4daa85 |
| SHA256 | 34ebe80c2d5b8b5febf520571a220fbd1079bf4853593088973cdaab333fdb5c |
| SHA512 | 22d3ac5c78b6c1166854a0719ad0162bf74e966f55b588849467962bfb24ad2723bb4410a04be7b6cb07c09579d28551db34b6c0373c9bb4acdf17fdbc1af64e |
C:\Program Files\obs-studio\data\obs-plugins\win-dshow\obs-virtualcam-module32.dll
| MD5 | 3f5b8592394a7b730b617fcaea57aa11 |
| SHA1 | fe41c8440bdaf052eb6cd63fb6ef699aa6266864 |
| SHA256 | 7ed46b7edaa691410b841e96887e16a98309a28916d27460de4f344a904fde4b |
| SHA512 | a8014e1eafdeb16236bb62c0f456135bae707623f6b684865aa6328efb89c2dfdf4631d6f8e53e69356a70498006f727cc04f1b7b11a77dc0bceefa341b52d79 |
C:\Program Files\obs-studio\data\obs-plugins\win-dshow\obs-virtualcam-module64.dll
| MD5 | 9169a66ff89f2ebf5f892246f72dcb0c |
| SHA1 | 4d0fc937437cab38c64931ff8006ae31a7a8c5ea |
| SHA256 | 01ea5948c5712811b8e4ebadd2c82605b9dce53445a413ddf4aceadeb65a9e1b |
| SHA512 | 727cd7eff9eab1336755909471d0a5d9eae1f069d8c3ec842fc93e9455db7be54986b0408260f44f463a45ae7c22174c2b9162491575f49b7f16000d93c19139 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 008114e1a1a614b35e8a7515da0f3783 |
| SHA1 | 3c390d38126c7328a8d7e4a72d5848ac9f96549b |
| SHA256 | 7301b76033c2970e61bab5eaddaff5aa652c39db5c0ea5632814f989716a1d18 |
| SHA512 | a202fc891eace003c346bad7e5d2c73dadf9591d5ce950395ff4b63cc2866b17e02bd3f0ad92749df033a936685851455bcdbfad30f26e765c3c89d3309cb82b |
C:\Users\Admin\AppData\Local\Temp\nsu4B0.tmp\ioSpecial.ini
| MD5 | 12495645927dc2a568399309dd5fe254 |
| SHA1 | 1cc9894807bb566d6f407e1c2aad8c00bcd5c63b |
| SHA256 | d4a0f376b43d38957dbebe206125354aa475112d8dc9a3cd92e55fe395561982 |
| SHA512 | dc005ebd5aea24010f8a4115f8ca4fb7efeab0b7dd3abce2af705873a7a91809a8d84e79385cae8fd52bd360c84ac5ae88bc78c76c8356f18f7248e1e860ec20 |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio\OBS Studio (64bit).lnk
| MD5 | ba6fd78102c32e6ad50add114e0576d3 |
| SHA1 | 03b5b6bcab63f34005e51b21da76673bd7804b33 |
| SHA256 | fab817a26c2ae41651c8096cb0288a71e0d04ad381e1acbf6f678a518e4e867b |
| SHA512 | 020ca3204cbc06a4237de5f3c0585c67051dd6b2cbd55077d50b05a2f8d6e50e2332fec4177d0e336b433b1dcd4747573aeca15f3ef134135fdde5dca626fd4a |
C:\Program Files\obs-studio\bin\64bit\libcurl.dll
| MD5 | 43169d2161051db42f5b7e1fbc24cf5f |
| SHA1 | 1557fe8f7066fede8ec9a2aad79bfd08110c1c4e |
| SHA256 | e1b9cc4b0c2ac3122311df5de738c59bed42fa0d8f94749b8b88f52f1e4b6796 |
| SHA512 | c74d4de80842942ecedfe3c85e50513f18a0ee289db5dc72ff57ba343fcce528518a0ebeb80e7e37ef3c05513dcc9b1cc195f8142e25307f62e49d16ddfa5a58 |
C:\Program Files\obs-studio\bin\64bit\Qt6Widgets.dll
| MD5 | 13b5853924cf11d5dd7a1bc17d0a5611 |
| SHA1 | bc0cb64e546462154b3d699409a66161296f4ab5 |
| SHA256 | 695446af2760d1952c7127a7975806ea1006360a510e5fde9a19588ec33bbdfb |
| SHA512 | d7144c1d1c00c9c0617d9b273df88555ba40ae7837f7b36a47f0eb8e8f6cd51b793875e10a8880387502e1c8b3bf3adcdd270979685180289bc23ec1dcc008b0 |
C:\Program Files\obs-studio\bin\64bit\obs.dll
| MD5 | a72212f40da724256c258f6440f6cd7d |
| SHA1 | 3409a4682c35e1717e0e1ec578a5bf7c787abcfe |
| SHA256 | 5670cd6ade9425f06f9a7c358be38ce28bf6df624296cb033fa883b1b5ca1557 |
| SHA512 | b7c6f186a3a1701ad9244d895dd719b8c3944f11971882d7284b107bd548d379cb1c6de919d55e10157fc5714ca5757e3fe8e4686715943fdb939670922c048a |
memory/5832-6393-0x00007FF63CF70000-0x00007FF63D3B3000-memory.dmp
C:\Program Files\obs-studio\bin\64bit\obs-frontend-api.dll
| MD5 | ed347a80e2c5dac823c55241b0831322 |
| SHA1 | 80727c91ce31d594ff920c126133c2de40b42470 |
| SHA256 | 787b86678f9b915a5793697332dd9ec30c21fdcc7b85fa1c2baa267cdd1a2206 |
| SHA512 | bc6f35e6f0cafebad90c02435f475100a61616ddc63c475494d44a26ddc074ff2b9814b3c2bcdd74e5c341672337bdad4a564386c60b4d3317e2dc4139c54bdc |
C:\Users\Admin\AppData\Roaming\obs-studio\global.ini
| MD5 | 5e1a6ec63e7f3c47ee8e518eb9363bda |
| SHA1 | 7ee6c56636dc5bb77c624542dfed81cf61e1301c |
| SHA256 | 90eb7d1ad2ba1c3f742eb01a0930d3e98a5fafcdbfebe4a30a429872721ef04e |
| SHA512 | 178aa925045f84eae42846cca4d7f8a8f339a044eda2e15d2ac07c2dcbf4911a38e5df7e4e1ad288b696285daf00c630ffa79216aca9421318c0af8a220f0dac |
C:\Program Files\obs-studio\bin\64bit\w32-pthreads.dll
| MD5 | 2f116d295cbeff99487d6bc5b06e1963 |
| SHA1 | 9155286b7d4c001e1d3670001b1f0a7d4b666edc |
| SHA256 | ca3fcf379a89ad16ef7e2289d83f749d2d1c09102e89a78bf9db71bae7998fa0 |
| SHA512 | ba73175fca93ac463830fc58bea848d9ea920762b59b853848f752f325ce1e9320d778cbde959c0f594c9f32d92cde15e5dfd4b6cc503dad341df0a741c20f12 |
C:\Program Files\obs-studio\bin\64bit\zlib.dll
| MD5 | 84a4eb39d67e49914b878aec39b1e5ef |
| SHA1 | 38bf9658d5f71ea2783db0441c7aa77604644d42 |
| SHA256 | da6115453a00948d3c32575051bd95f16f672ff5a2ceb572b7e9a5eaa42787c7 |
| SHA512 | b112a64bb93550cac59045eea9715b9278a8f0a57b2b912833399b67fe3db3c0f5546eb63b4adc653d24fddd9d25dd9a1d9baa7725e5b760fb1c1da238e6df6d |
memory/5832-6394-0x00007FF63CF70000-0x00007FF63D3B3000-memory.dmp
C:\Program Files\obs-studio\bin\64bit\swscale-6.dll
| MD5 | 2d54c19c41d82f19093f6c63f9be714e |
| SHA1 | 4db01c043aa24804aea4d6abe44cb60d08e307ed |
| SHA256 | fb8c2300924f1c3e7957c66219114120c48c27281064f51643a725d0b066a0e4 |
| SHA512 | 9397ea93f81e2891649a5ed7b9953d677bc7b3cb3dd7c72c1548e38a5c68ac0ccfc50ab8d17442bb9703b2bd0df37207d4de794a120770cdc23be9d6a3bb0312 |
C:\Program Files\obs-studio\bin\64bit\Qt6Core.dll
| MD5 | 11d956a007ba8857ea8fac4ed9b5f6f8 |
| SHA1 | 37ad844a76d453f9468a4048814aec011c75021a |
| SHA256 | ebe487c9ec63d9c73e349a8f8ef14fe5731fbcdf501acfe36f29fdd12e6c0624 |
| SHA512 | 242d81f8cd7a742783d8747c2b82945e4a0989fd6ca456ed460ae7aff5513781637d4c739a9d4176660d66d497eda2d1f2c9174fd70ccb58d78bcc40af4ad378 |
C:\Users\Admin\AppData\Roaming\obs-studio\basic\profiles\Untitled\basic.ini
| MD5 | 574329e5c00e0f8389faa4b2e0064b7e |
| SHA1 | 68751df643d5fceefe80ccf8ea59005c1f689539 |
| SHA256 | e01782e0ad6fe923a9edd4565817f2d1695653145014a59ccdd895e0c3a98b21 |
| SHA512 | 03bc61017296342f451ebfa7fda96be5a5eabc6f54ed8fecd1d6d1c44f397184c1d1322650b3e3dd8ab061d532bbb76e45142171c87ee89fbdd6a12cad32e10f |
C:\Users\Admin\AppData\Roaming\obs-studio\basic\profiles\Untitled\basic.ini
| MD5 | ca6c5ed863b84359de0f7d0e4a05901e |
| SHA1 | 9870338c383a8d0d94e06b0cdd84af4beb6bb974 |
| SHA256 | 7fa8fe85d7505d7565ed9dceaa85ca7ca0d478cac1528597348fa990f312ae0c |
| SHA512 | 4b0cbfef4db08a6a8a53d2d407093c2c93df82ada823275e185aca4cdd8fad6b4f6122c44af09569cfacfc6d79599246b90cf5718e27afa4ed27a51d60ea029d |
C:\Users\Admin\AppData\Roaming\obs-studio\basic\profiles\Untitled\basic.ini
| MD5 | d785072bd43717886593f737817fff15 |
| SHA1 | 8c7ef0936b7f5a5cec10e9b5e1278400e276e6f7 |
| SHA256 | 7989006d0b1b17f5e4f4e20960713600d80612c3799963454e463f689a3cf613 |
| SHA512 | 8bcd4ed11b248d2934bb7fed91cd8645b77f89ac75f357277a9de04e1121ef4217e982783d61c32b1e8e04d2c14eb82fab78926dc46861db511a8741a62c0c20 |
C:\Program Files\obs-studio\bin\64bit\Qt6Network.dll
| MD5 | c0a45658d6a449b10bab51e4d13461a9 |
| SHA1 | 5e5900782001a1f1f943f3652021f26adbe6e91c |
| SHA256 | b247675f3a8052f99e86d03b69c662b8896692c592cfb0db9ca32a5fa7804156 |
| SHA512 | b0211999fb364ee4ce0de45ae5d4393086b1330ee265709a8e1f23e3126f6f73f300085b02da28afa4a381ad1280008ce5bdb018f2caf81d8d105ea06100dbf1 |
C:\Program Files\obs-studio\bin\64bit\Qt6Xml.dll
| MD5 | b78c1020fa210bff7749daeb632d8bc7 |
| SHA1 | 0f6f9c94651fc6067fb2285af6f5f2700eb14324 |
| SHA256 | e033d6aff84d7654dc509cc8fb43e46f31289b5061c7c2363a818eb45276ed0b |
| SHA512 | 2010c73d64be24a77c7d1fcb3bad2314e3ffccbbee3641adf7b1410842e275f6af9ac2774b434c38c0a2c1dfc9fe90ce4f835842bc72d1cb7ee995513ebfe794 |
C:\Program Files\obs-studio\bin\64bit\Qt6Gui.dll
| MD5 | f0920dae438b523b053beac25ea3d10c |
| SHA1 | bda9dd677be8f0c2707d499658dc55a6b9ce6666 |
| SHA256 | 0febba928e5c28dae04876510b456a237fa494e92cf88b153ce8ace503e877f8 |
| SHA512 | f37239c51dc6d7b4d0ecdad8ee42716a09aacee53892c066f990235c45c25dad778da19a9758b52263aca023efe1478079527bb07d1a064f6a2d0e88a56a6f57 |
memory/5832-6391-0x00007FFCD9810000-0x00007FFCD9DAF000-memory.dmp
C:\Program Files\obs-studio\bin\64bit\Qt6Svg.dll
| MD5 | 44fcf537c8916b85c4bd803e4b61bd62 |
| SHA1 | 9e9e76e0edb3e199afcb20182db0ac2a6f4f0eb9 |
| SHA256 | debff1c113092d78eaea9d01718db8dd9bc0e34c75080910af30951679394bf4 |
| SHA512 | 278670adca2c1338f6cd4584f6a420e18d6773d4024a12336beb68291516de07f5e30ed583984fce0d276ad02b9d3671299c369b04013d68ac71ff53f5881875 |
C:\Program Files\obs-studio\bin\64bit\swresample-4.dll
| MD5 | fc94301c5553d4faa998913174056f95 |
| SHA1 | a5de4ab38172b883fef4fb90806010303a7cd3e2 |
| SHA256 | 034207bc3a897ec3f1be90bf3eaf9baf56e5f8068e4c8e2c7a6dbd108279de1b |
| SHA512 | 50e0ddd0de3529adc84b6f7f2f1361fe02be80b37ed2dfc5cd081f456678d93693efe3e7e66a9a50930cd63cebbf0139b09f09e5b34ee597c266f29667d55000 |
C:\Program Files\obs-studio\bin\64bit\avformat-59.dll
| MD5 | 2dd7edd759f67dc6e1e72f40690a65e8 |
| SHA1 | 8aeb80591d942cb1559274773728aa75b1896b5e |
| SHA256 | dd613d5c5ea73341769f7f74a04d1430eace29eeb5a6032769beda35f4b16153 |
| SHA512 | 3e7516023a1f8cdb74c0d94e0854a7c7a85c311b2fe18e7769002ce16ba8a8053c582aecce1cfa3970000cabf67646d6b39949a030c3cdee34e74761460918e5 |
C:\Program Files\obs-studio\bin\64bit\avutil-57.dll
| MD5 | ecb6526801232f8c593d64718ea84a24 |
| SHA1 | 6ed845896619e26a4438106e3ebc8e03ee3b0acd |
| SHA256 | ffd4bb3a6ad222f66d8d71075eb056282235f2d64399135bdcf68404d5c4dbc1 |
| SHA512 | c29b4fa23e15a9d7c33e388375d2eec363c3c7227f7f4ad6bab084ab1ce6a6588dee23478a10361ae173cd74a0c1be344b8a1c594b67d5529ce8ebc70c5c2ab2 |
C:\Program Files\obs-studio\bin\64bit\avcodec-59.dll
| MD5 | 4e11757e6e100d8ad5a9669495be4cf1 |
| SHA1 | 8ea51d57083ad3da35bbdb961893a68ca1136c84 |
| SHA256 | db9fb64bf039a90d9ce6e8b597a5bab6dd289b4223866ef128f7aa3e7fa93ceb |
| SHA512 | 98b08636ee69acfebb25033eea2e89bd240c2477a249455856939b09311805b7046bfc467ac023867860e0ef0654317b03bd62c8e1f555e693716fc146f01ace |
C:\Users\Admin\AppData\Roaming\obs-studio\plugin_config\rtmp-services\services.json
| MD5 | 50c422a979e96a968def5960ff89aff1 |
| SHA1 | ecc2b59cded66e640ca93e6ad716a31a215a2e86 |
| SHA256 | acf6dab082a433100ca4b25579260fca4d87fd8aadf285690884b8f3e7f90b9d |
| SHA512 | e4a8acd7ad90b6b92a85cdfc17110d2f698a8252011cfafdbf6efa063141addfb49ee0ac2f7aef0b66094c9f961e276c95849dee690ba79ecaecadf08139cb4e |
C:\Users\Admin\AppData\Roaming\obs-studio\global.ini
| MD5 | f5a16ac06453b7e4cf17ab4e90f00eaf |
| SHA1 | 365fe9f459828fc73d2c670b73c5838dae282e09 |
| SHA256 | 4263ddd35b9fedec213417adb5aa2694982d8fbeaf2a1b9010df069c3382bbe3 |
| SHA512 | 9daa0a8adea38a38fe12dec3db4d0af11ce2e5bac5c89858fba9ef067b1552f1ba1fbb3f572fd3e1904ce7cfae62b56810fce7e62464f3a76cb71e3ae3830dbf |
C:\Users\Admin\AppData\Roaming\obs-studio\plugin_config\rtmp-services\services.json
| MD5 | b5b4af42d637ef33305d8d6e97a397ce |
| SHA1 | 4f951f7e70ff8690ec3228e5c49e74da41be2c16 |
| SHA256 | f14bbf129bba54d9ab0e7bd71bb51ae985d6983e28b81fa96160038d1d690961 |
| SHA512 | 146daf26d31f53363ad6a740822a8c19abe2c938968d4a2262e06d54f7f0b3188de7c3abad2f23d98e964aa69d679e402a097d05d13410ccc5873df77d0b7833 |
C:\Users\Admin\AppData\Roaming\obs-studio\global.ini
| MD5 | 66293a6fbfdd491ad5cc2112937f8147 |
| SHA1 | 1566f32b27fc8b156c3d26afed4018b17f2516be |
| SHA256 | 0b27a864ee912dc3d4284d758ff78dfc7f20a3fee239a47657cb843a8fb3d15f |
| SHA512 | 05a9a971489c85cfb5e41cb42dfa13479bba9d2cd0d65f02b62aaf53fcccc803c1c3c053ece575e8da2c00ad769461fd8f8649ae6394044e5bbdae506aa490cd |
memory/5832-6518-0x00007FFCE2050000-0x00007FFCE2107000-memory.dmp
memory/5832-6519-0x000000006AD00000-0x000000006AD24000-memory.dmp
memory/5832-6517-0x00007FFCE8B20000-0x00007FFCE8B48000-memory.dmp
memory/5832-6516-0x00007FFCD9DB0000-0x00007FFCDA1FE000-memory.dmp
memory/5832-6515-0x00007FFCE0520000-0x00007FFCE0726000-memory.dmp
memory/5832-6514-0x00007FFCDA200000-0x00007FFCDCBDA000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000038
| MD5 | f998b8f6765b4c57936ada0bb2eb4a5a |
| SHA1 | 13fb29dc0968838653b8414a125c124023c001df |
| SHA256 | 374db366966d7b48782f352c78a0b3670ffec33ed046d931415034d6f93dcfef |
| SHA512 | d340ae61467332f99e4606ef022ff71c9495b9d138a40cc7c58b3206be0d080b25f4e877a811a55f4320db9a7f52e39f88f1aa426ba79fc5e78fc73dacf8c716 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 6c7cef9fa28f4e83d71a4fb3924dba87 |
| SHA1 | 66a88b1b7c5a62027302a08a894d5437c8699eaa |
| SHA256 | 3f1c286dea551b3cec542d9cc2de6eb4820f69fce2652d159ad0f0549d70649b |
| SHA512 | 15841444e5d5c6cb5f029aef596359dcb69feb08d448027034f0c8af0d142b6c70eba10b33b0e018ac6b94262ff2f38c9e92db40f9731482e186e9a2a1bdffbe |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe598b3f.TMP
| MD5 | b17478c49b55b2935423cc5a1f40702f |
| SHA1 | 69ddfb0e4ef2d71053d6d55a84cddf1948151d9e |
| SHA256 | 62ed8d15aef652451749810e93ac9706b47a9df26037c815d11d8eab95f1f812 |
| SHA512 | 2e7957e45abd95d69947f3ddbb368037a6842274048e82d8c1bf53d91a5b38624c5e5e2f62740f323af52eaf39e875c4f0ddb77297d3753d5ca5bb1c60464888 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 84b714ee6ce01d90e71b1ebb9742dd66 |
| SHA1 | f8f73466b9c5567311dbbfcd554d889881731b7d |
| SHA256 | 1d7bf5aa22b7d5a624543cae13a5dda471f2a91562e65b1d26a3fceda45e0606 |
| SHA512 | 7f47638a1537176771409acf0d5fcfc6802d2db0beb27d0b576c81748949ff769d3def83a3fc7f35b4918a3cd2016b04e1f1d73df3730f52144df7f9919262b9 |