redline | a4a57464834be9fcea74d15fe5712dcf86e7c673d82706cdf8cfbc5aa9fea17f

Resubmissions

25/06/2024, 12:01

240625-n62aja1gmj 10

25/06/2024, 11:59

240625-n54n9s1frr 10

Analysis

max time kernel
62s
max time network
70s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
25/06/2024, 12:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

OBS-Studio-30.1.2-Full-Installer-x64.exe
Size

128.3MB
MD5

bce9a48d09577df4232002803be8b7e7
SHA1

89651d5a375fbe6c0b03e03d7bbd62dac314e2f2
SHA256

a4a57464834be9fcea74d15fe5712dcf86e7c673d82706cdf8cfbc5aa9fea17f
SHA512

1d31e7b8a356db0d48f614b2f17ad760a9e4a0cd1e358613c328bf5a66c45094618ee520f5d2b1cfce9d5eeb5bd52b95bbe31a1390ead30c699c4cdf1a1084d9
SSDEEP

3145728:AxJfr5z+wXxayKEFtlKvbA7Nj3bfmSRcgQ/zjpcazd7jpk:UfVzHFt0U7NTD+ljpcaRZ

Score

10^/10

redline xxx discovery infostealer persistence privilege_escalation

Malware Config

Extracted

Family

redline

Botnet

xXx

185.236.228.125:15140

Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 1 IoCs

resource	yara_rule
behavioral1/memory/4644-48-0x0000000000400000-0x0000000000450000-memory.dmp	family_redline

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation	OBS-Studio-30.1.2-Full-Installer-x64.exe

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 7 IoCs

pid	Process
3336	OBS-Studio-30.1.2-Full-Installer-x64.exe
1756	obstudio.exe
2968	check_for_64bit_visual_studio_2019_runtimes.exe
1628	obs64.exe
2568	obs-qsv-test.exe
3900	get-graphics-offsets64.exe
5056	get-graphics-offsets32.exe

Loads dropped DLL 64 IoCs

pid	Process
3336	OBS-Studio-30.1.2-Full-Installer-x64.exe
3336	OBS-Studio-30.1.2-Full-Installer-x64.exe
3336	OBS-Studio-30.1.2-Full-Installer-x64.exe
3336	OBS-Studio-30.1.2-Full-Installer-x64.exe
1580	regsvr32.exe
3012	regsvr32.exe
1840	regsvr32.exe
1628	obs64.exe
1628	obs64.exe
1628	obs64.exe
1628	obs64.exe
1628	obs64.exe
1628	obs64.exe
1628	obs64.exe
1628	obs64.exe
1628	obs64.exe
1628	obs64.exe
1628	obs64.exe
1628	obs64.exe
1628	obs64.exe
1628	obs64.exe
1628	obs64.exe
1628	obs64.exe
1628	obs64.exe
1628	obs64.exe
1628	obs64.exe
1628	obs64.exe
1628	obs64.exe
1628	obs64.exe
1628	obs64.exe
1628	obs64.exe
1628	obs64.exe
1628	obs64.exe
1628	obs64.exe
1628	obs64.exe
1628	obs64.exe
1628	obs64.exe
1628	obs64.exe
1628	obs64.exe
1628	obs64.exe
1628	obs64.exe
1628	obs64.exe
1628	obs64.exe
1628	obs64.exe
1628	obs64.exe
1628	obs64.exe
1628	obs64.exe
1628	obs64.exe
1628	obs64.exe
1628	obs64.exe
1628	obs64.exe
1628	obs64.exe
1628	obs64.exe
1628	obs64.exe
1628	obs64.exe
1628	obs64.exe
1628	obs64.exe
1628	obs64.exe
1628	obs64.exe
1628	obs64.exe
1628	obs64.exe
1628	obs64.exe
1628	obs64.exe
1628	obs64.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral1/files/0x000900000001e07d-17.dat	autoit_exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1756 set thread context of 4644	1756	obstudio.exe	89

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\obs-studio\data\obs-studio\themes\System.qss	OBS-Studio-30.1.2-Full-Installer-x64.exe
File created	C:\Program Files\obs-studio\data\obs-plugins\obs-ffmpeg\locale\hu-HU.ini	OBS-Studio-30.1.2-Full-Installer-x64.exe
File opened for modification	C:\Program Files\obs-studio\obs-plugins\64bit\locales\he.pak	OBS-Studio-30.1.2-Full-Installer-x64.exe
File opened for modification	C:\Program Files\obs-studio\obs-plugins\64bit\locales\hr.pak	OBS-Studio-30.1.2-Full-Installer-x64.exe
File opened for modification	C:\Program Files\obs-studio\data\obs-plugins\obs-vst\locale\bn-BD.ini	OBS-Studio-30.1.2-Full-Installer-x64.exe
File created	C:\Program Files\obs-studio\data\obs-plugins\obs-x264\locale\fr-FR.ini	OBS-Studio-30.1.2-Full-Installer-x64.exe
File opened for modification	C:\Program Files\obs-studio\data\obs-plugins\obs-browser\locale\fil-PH.ini	OBS-Studio-30.1.2-Full-Installer-x64.exe
File created	C:\Program Files\obs-studio\data\obs-plugins\obs-transitions\luma_wipes\clock.png	OBS-Studio-30.1.2-Full-Installer-x64.exe
File created	C:\Program Files\obs-studio\data\obs-plugins\text-freetype2\locale\pt-BR.ini	OBS-Studio-30.1.2-Full-Installer-x64.exe
File opened for modification	C:\Program Files\obs-studio\data\obs-plugins\obs-ffmpeg\locale\vi-VN.ini	OBS-Studio-30.1.2-Full-Installer-x64.exe
File opened for modification	C:\Program Files\obs-studio\data\obs-studio\locale\ja-JP.ini	OBS-Studio-30.1.2-Full-Installer-x64.exe
File created	C:\Program Files\obs-studio\data\obs-plugins\obs-vst\locale\kab-KAB.ini	OBS-Studio-30.1.2-Full-Installer-x64.exe
File opened for modification	C:\Program Files\obs-studio\data\obs-plugins\obs-transitions\locale\en-US.ini	OBS-Studio-30.1.2-Full-Installer-x64.exe
File created	C:\Program Files\obs-studio\data\obs-plugins\obs-ffmpeg\locale\id-ID.ini	OBS-Studio-30.1.2-Full-Installer-x64.exe
File opened for modification	C:\Program Files\obs-studio\data\obs-plugins\win-capture\locale\nl-NL.ini	OBS-Studio-30.1.2-Full-Installer-x64.exe
File opened for modification	C:\Program Files\obs-studio\data\obs-plugins\win-dshow\locale\gd-GB.ini	OBS-Studio-30.1.2-Full-Installer-x64.exe
File created	C:\Program Files\obs-studio\data\obs-plugins\coreaudio-encoder\locale\ca-ES.ini	OBS-Studio-30.1.2-Full-Installer-x64.exe
File created	C:\Program Files\obs-studio\data\obs-studio\themes\Acri.qss	OBS-Studio-30.1.2-Full-Installer-x64.exe
File created	C:\Program Files\obs-studio\data\obs-plugins\win-dshow\locale\ug-CN.ini	OBS-Studio-30.1.2-Full-Installer-x64.exe
File opened for modification	C:\Program Files\obs-studio\data\obs-plugins\obs-qsv11\locale\tl-PH.ini	OBS-Studio-30.1.2-Full-Installer-x64.exe
File opened for modification	C:\Program Files\obs-studio\obs-plugins\64bit\locales\hi.pak	OBS-Studio-30.1.2-Full-Installer-x64.exe
File created	C:\Program Files\obs-studio\data\obs-plugins\coreaudio-encoder\locale\ba-RU.ini	OBS-Studio-30.1.2-Full-Installer-x64.exe
File opened for modification	C:\Program Files\obs-studio\data\obs-plugins\text-freetype2\locale\sr-SP.ini	OBS-Studio-30.1.2-Full-Installer-x64.exe
File opened for modification	C:\Program Files\obs-studio\data\obs-studio\themes\Dark\expand.svg	OBS-Studio-30.1.2-Full-Installer-x64.exe
File created	C:\Program Files\obs-studio\data\obs-plugins\obs-websocket\locale\hi-IN.ini	OBS-Studio-30.1.2-Full-Installer-x64.exe
File created	C:\Program Files\obs-studio\data\obs-studio\locale\nn-NO.ini	OBS-Studio-30.1.2-Full-Installer-x64.exe
File opened for modification	C:\Program Files\obs-studio\data\obs-plugins\decklink\locale\bg-BG.ini	OBS-Studio-30.1.2-Full-Installer-x64.exe
File opened for modification	C:\Program Files\obs-studio\data\obs-plugins\decklink\locale\gd-GB.ini	OBS-Studio-30.1.2-Full-Installer-x64.exe
File opened for modification	C:\Program Files\obs-studio\data\obs-plugins\win-capture\locale\el-GR.ini	OBS-Studio-30.1.2-Full-Installer-x64.exe
File created	C:\Program Files\obs-studio\data\obs-plugins\obs-vst\locale\bg-BG.ini	OBS-Studio-30.1.2-Full-Installer-x64.exe
File created	C:\Program Files\obs-studio\data\obs-plugins\obs-qsv11\locale\ka-GE.ini	OBS-Studio-30.1.2-Full-Installer-x64.exe
File opened for modification	C:\Program Files\obs-studio\data\obs-plugins\obs-outputs\locale\ug-CN.ini	OBS-Studio-30.1.2-Full-Installer-x64.exe
File opened for modification	C:\Program Files\obs-studio\data\obs-plugins\obs-qsv11\locale\ko-KR.ini	OBS-Studio-30.1.2-Full-Installer-x64.exe
File created	C:\Program Files\obs-studio\data\obs-plugins\decklink\locale\ug-CN.ini	OBS-Studio-30.1.2-Full-Installer-x64.exe
File created	C:\Program Files\obs-studio\data\obs-plugins\obs-outputs\locale\sr-CS.ini	OBS-Studio-30.1.2-Full-Installer-x64.exe
File created	C:\Program Files\obs-studio\data\obs-plugins\win-wasapi\locale\mn-MN.ini	OBS-Studio-30.1.2-Full-Installer-x64.exe
File opened for modification	C:\Program Files\obs-studio\data\obs-plugins\obs-outputs\locale\ru-RU.ini	OBS-Studio-30.1.2-Full-Installer-x64.exe
File created	C:\Program Files\obs-studio\data\obs-plugins\image-source\locale\id-ID.ini	OBS-Studio-30.1.2-Full-Installer-x64.exe
File created	C:\Program Files\obs-studio\data\obs-studio\themes\Dark\sources\scene.svg	OBS-Studio-30.1.2-Full-Installer-x64.exe
File opened for modification	C:\Program Files\obs-studio\data\obs-plugins\obs-text\locale\hi-IN.ini	OBS-Studio-30.1.2-Full-Installer-x64.exe
File opened for modification	C:\Program Files\obs-studio\data\obs-plugins\obs-transitions\locale\da-DK.ini	OBS-Studio-30.1.2-Full-Installer-x64.exe
File created	C:\Program Files\obs-studio\data\obs-plugins\rtmp-services\locale\da-DK.ini	OBS-Studio-30.1.2-Full-Installer-x64.exe
File created	C:\Program Files\obs-studio\data\obs-plugins\obs-qsv11\locale\cs-CZ.ini	OBS-Studio-30.1.2-Full-Installer-x64.exe
File created	C:\Program Files\obs-studio\obs-plugins\64bit\coreaudio-encoder.pdb	OBS-Studio-30.1.2-Full-Installer-x64.exe
File created	C:\Program Files\obs-studio\obs-plugins\64bit\rtmp-services.pdb	OBS-Studio-30.1.2-Full-Installer-x64.exe
File opened for modification	C:\Program Files\obs-studio\data\libobs\format_conversion.effect	OBS-Studio-30.1.2-Full-Installer-x64.exe
File opened for modification	C:\Program Files\obs-studio\data\obs-studio\themes\Dark\media-pause.svg	OBS-Studio-30.1.2-Full-Installer-x64.exe
File created	C:\Program Files\obs-studio\data\obs-plugins\obs-filters\color_grade_filter.effect	OBS-Studio-30.1.2-Full-Installer-x64.exe
File created	C:\Program Files\obs-studio\data\obs-plugins\obs-filters\locale\de-DE.ini	OBS-Studio-30.1.2-Full-Installer-x64.exe
File opened for modification	C:\Program Files\obs-studio\data\obs-plugins\obs-browser\locale\nn-NO.ini	OBS-Studio-30.1.2-Full-Installer-x64.exe
File created	C:\Program Files\obs-studio\data\obs-plugins\frontend-tools\locale\hr-HR.ini	OBS-Studio-30.1.2-Full-Installer-x64.exe
File created	C:\Program Files\obs-studio\data\obs-plugins\rtmp-services\locale\ba-RU.ini	OBS-Studio-30.1.2-Full-Installer-x64.exe
File created	C:\Program Files\obs-studio\data\obs-plugins\image-source\locale\ja-JP.ini	OBS-Studio-30.1.2-Full-Installer-x64.exe
File created	C:\Program Files\obs-studio\data\obs-studio\themes\Light\updown.svg	OBS-Studio-30.1.2-Full-Installer-x64.exe
File created	C:\Program Files\obs-studio\data\obs-plugins\win-capture\locale\fa-IR.ini	OBS-Studio-30.1.2-Full-Installer-x64.exe
File created	C:\Program Files\obs-studio\data\obs-plugins\win-wasapi\locale\tr-TR.ini	OBS-Studio-30.1.2-Full-Installer-x64.exe
File opened for modification	C:\Program Files\obs-studio\data\obs-plugins\obs-filters\locale\et-EE.ini	OBS-Studio-30.1.2-Full-Installer-x64.exe
File created	C:\Program Files\obs-studio\data\obs-plugins\obs-ffmpeg\locale\pt-BR.ini	OBS-Studio-30.1.2-Full-Installer-x64.exe
File opened for modification	C:\Program Files\obs-studio\data\obs-plugins\obs-ffmpeg\locale\bg-BG.ini	OBS-Studio-30.1.2-Full-Installer-x64.exe
File opened for modification	C:\Program Files\obs-studio\data\obs-plugins\obs-text\locale\nl-NL.ini	OBS-Studio-30.1.2-Full-Installer-x64.exe
File created	C:\Program Files\obs-studio\data\obs-plugins\obs-webrtc\locale\cs-CZ.ini	OBS-Studio-30.1.2-Full-Installer-x64.exe
File opened for modification	C:\Program Files\obs-studio\data\obs-plugins\text-freetype2\locale\sr-CS.ini	OBS-Studio-30.1.2-Full-Installer-x64.exe
File opened for modification	C:\Program Files\obs-studio\data\obs-studio\themes\Acri\checkbox_unchecked.png	OBS-Studio-30.1.2-Full-Installer-x64.exe
File created	C:\Program Files\obs-studio\bin\64bit\obs-scripting.pdb	OBS-Studio-30.1.2-Full-Installer-x64.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3056	1756	WerFault.exe	88

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	obs64.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	obs64.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	obs64.exe

Modifies registry class 27 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{860BB310-5D01-11d0-BD3B-00A0C911CE86}\Instance\{A3FCE0F5-3493-419F-958A-ABA1250EC20B}\FilterData = 02000000000020000100000000000000307069330800000000000000010000000000000000000000307479330000000038000000480000007669647300001000800000aa00389b714e56313200001000800000aa00389b71	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A3FCE0F5-3493-419F-958A-ABA1250EC20B}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\Instance\{A3FCE0F5-3493-419F-958A-ABA1250EC20B}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{860BB310-5D01-11d0-BD3B-00A0C911CE86}\Instance\{A3FCE0F5-3493-419F-958A-ABA1250EC20B}	regsvr32.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{860BB310-5D01-11d0-BD3B-00A0C911CE86}\Instance\{A3FCE0F5-3493-419F-958A-ABA1250EC20B}\FilterData = 02000000000020000100000000000000307069330800000000000000010000000000000000000000307479330000000038000000480000007669647300001000800000aa00389b714e56313200001000800000aa00389b71	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A3FCE0F5-3493-419F-958A-ABA1250EC20B}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A3FCE0F5-3493-419F-958A-ABA1250EC20B}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A3FCE0F5-3493-419F-958A-ABA1250EC20B}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{860BB310-5D01-11d0-BD3B-00A0C911CE86}\Instance	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{860BB310-5D01-11d0-BD3B-00A0C911CE86}\Instance\{A3FCE0F5-3493-419F-958A-ABA1250EC20B}\FriendlyName = "OBS Virtual Camera"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A3FCE0F5-3493-419F-958A-ABA1250EC20B}\ = "OBS Virtual Camera"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{860BB310-5D01-11d0-BD3B-00A0C911CE86}\Instance\{A3FCE0F5-3493-419F-958A-ABA1250EC20B}\CLSID = "{A3FCE0F5-3493-419F-958A-ABA1250EC20B}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{860BB310-5D01-11d0-BD3B-00A0C911CE86}\Instance\{A3FCE0F5-3493-419F-958A-ABA1250EC20B}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{860BB310-5D01-11d0-BD3B-00A0C911CE86}\Instance\{A3FCE0F5-3493-419F-958A-ABA1250EC20B}\CLSID = "{A3FCE0F5-3493-419F-958A-ABA1250EC20B}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A3FCE0F5-3493-419F-958A-ABA1250EC20B}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\Instance\{A3FCE0F5-3493-419F-958A-ABA1250EC20B}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A3FCE0F5-3493-419F-958A-ABA1250EC20B}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A3FCE0F5-3493-419F-958A-ABA1250EC20B}\ = "OBS Virtual Camera"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A3FCE0F5-3493-419F-958A-ABA1250EC20B}\InprocServer32\ = "C:\\Program Files\\obs-studio\\data\\obs-plugins\\win-dshow\\obs-virtualcam-module32.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{860BB310-5D01-11d0-BD3B-00A0C911CE86}\Instance	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{860BB310-5D01-11d0-BD3B-00A0C911CE86}\Instance\{A3FCE0F5-3493-419F-958A-ABA1250EC20B}\FriendlyName = "OBS Virtual Camera"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A3FCE0F5-3493-419F-958A-ABA1250EC20B}\InprocServer32\ = "C:\\Program Files\\obs-studio\\data\\obs-plugins\\win-dshow\\obs-virtualcam-module64.dll"	regsvr32.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
1628	obs64.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3336	OBS-Studio-30.1.2-Full-Installer-x64.exe
3336	OBS-Studio-30.1.2-Full-Installer-x64.exe
3336	OBS-Studio-30.1.2-Full-Installer-x64.exe
3336	OBS-Studio-30.1.2-Full-Installer-x64.exe
3336	OBS-Studio-30.1.2-Full-Installer-x64.exe
3336	OBS-Studio-30.1.2-Full-Installer-x64.exe
3336	OBS-Studio-30.1.2-Full-Installer-x64.exe
3336	OBS-Studio-30.1.2-Full-Installer-x64.exe
3336	OBS-Studio-30.1.2-Full-Installer-x64.exe
3336	OBS-Studio-30.1.2-Full-Installer-x64.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1628	obs64.exe

Suspicious behavior: MapViewOfSection 1 IoCs

pid	Process
1756	obstudio.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	1628	obs64.exe
Token: SeIncBasePriorityPrivilege	1628	obs64.exe
Token: 33	3096	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3096	AUDIODG.EXE
Token: 33	1628	obs64.exe
Token: SeIncBasePriorityPrivilege	1628	obs64.exe

Suspicious use of FindShellTrayWindow 9 IoCs

pid	Process
1756	obstudio.exe
1756	obstudio.exe
1628	obs64.exe
1628	obs64.exe
1628	obs64.exe
1628	obs64.exe
1628	obs64.exe
1628	obs64.exe
1628	obs64.exe

Suspicious use of SendNotifyMessage 9 IoCs

pid	Process
1756	obstudio.exe
1756	obstudio.exe
1628	obs64.exe
1628	obs64.exe
1628	obs64.exe
1628	obs64.exe
1628	obs64.exe
1628	obs64.exe
1628	obs64.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
3900	get-graphics-offsets64.exe
5056	get-graphics-offsets32.exe
1628	obs64.exe

Suspicious use of WriteProcessMemory 31 IoCs

description	pid	Process	procid_target
PID 3592 wrote to memory of 3336	3592	OBS-Studio-30.1.2-Full-Installer-x64.exe	87
PID 3592 wrote to memory of 3336	3592	OBS-Studio-30.1.2-Full-Installer-x64.exe	87
PID 3592 wrote to memory of 3336	3592	OBS-Studio-30.1.2-Full-Installer-x64.exe	87
PID 3592 wrote to memory of 1756	3592	OBS-Studio-30.1.2-Full-Installer-x64.exe	88
PID 3592 wrote to memory of 1756	3592	OBS-Studio-30.1.2-Full-Installer-x64.exe	88
PID 3592 wrote to memory of 1756	3592	OBS-Studio-30.1.2-Full-Installer-x64.exe	88
PID 1756 wrote to memory of 4644	1756	obstudio.exe	89
PID 1756 wrote to memory of 4644	1756	obstudio.exe	89
PID 1756 wrote to memory of 4644	1756	obstudio.exe	89
PID 1756 wrote to memory of 4644	1756	obstudio.exe	89
PID 3336 wrote to memory of 2968	3336	OBS-Studio-30.1.2-Full-Installer-x64.exe	100
PID 3336 wrote to memory of 2968	3336	OBS-Studio-30.1.2-Full-Installer-x64.exe	100
PID 3336 wrote to memory of 1580	3336	OBS-Studio-30.1.2-Full-Installer-x64.exe	104
PID 3336 wrote to memory of 1580	3336	OBS-Studio-30.1.2-Full-Installer-x64.exe	104
PID 3336 wrote to memory of 1580	3336	OBS-Studio-30.1.2-Full-Installer-x64.exe	104
PID 3336 wrote to memory of 3012	3336	OBS-Studio-30.1.2-Full-Installer-x64.exe	105
PID 3336 wrote to memory of 3012	3336	OBS-Studio-30.1.2-Full-Installer-x64.exe	105
PID 3336 wrote to memory of 3012	3336	OBS-Studio-30.1.2-Full-Installer-x64.exe	105
PID 3012 wrote to memory of 1840	3012	regsvr32.exe	106
PID 3012 wrote to memory of 1840	3012	regsvr32.exe	106
PID 3336 wrote to memory of 2328	3336	OBS-Studio-30.1.2-Full-Installer-x64.exe	108
PID 3336 wrote to memory of 2328	3336	OBS-Studio-30.1.2-Full-Installer-x64.exe	108
PID 852 wrote to memory of 1628	852	explorer.exe	110
PID 852 wrote to memory of 1628	852	explorer.exe	110
PID 1628 wrote to memory of 2568	1628	obs64.exe	112
PID 1628 wrote to memory of 2568	1628	obs64.exe	112
PID 1628 wrote to memory of 3900	1628	obs64.exe	114
PID 1628 wrote to memory of 3900	1628	obs64.exe	114
PID 1628 wrote to memory of 5056	1628	obs64.exe	117
PID 1628 wrote to memory of 5056	1628	obs64.exe	117
PID 1628 wrote to memory of 5056	1628	obs64.exe	117

C:\Users\Admin\AppData\Local\Temp\OBS-Studio-30.1.2-Full-Installer-x64.exe
"C:\Users\Admin\AppData\Local\Temp\OBS-Studio-30.1.2-Full-Installer-x64.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:3592
- C:\Users\Admin\AppData\Roaming\OBS-Studio-30.1.2-Full-Installer-x64.exe
  "C:\Users\Admin\AppData\Roaming\OBS-Studio-30.1.2-Full-Installer-x64.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3336
- - C:\Users\Admin\AppData\Local\Temp\nsc732E.tmp\check_for_64bit_visual_studio_2019_runtimes.exe
    C:\Users\Admin\AppData\Local\Temp\nsc732E.tmp\check_for_64bit_visual_studio_2019_runtimes.exe
    3⤵
    - Executes dropped EXE
    PID:2968
- - C:\Windows\SysWOW64\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\obs-studio\data\obs-plugins\win-dshow\obs-virtualcam-module32.dll"
    3⤵
    - Loads dropped DLL
    - Modifies registry class
    PID:1580
- - C:\Windows\SysWOW64\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\obs-studio\data\obs-plugins\win-dshow\obs-virtualcam-module64.dll"
    3⤵
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:3012
  - - C:\Windows\system32\regsvr32.exe
      /s "C:\Program Files\obs-studio\data\obs-plugins\win-dshow\obs-virtualcam-module64.dll"
      4⤵
      Loads dropped DLL
      Modifies registry class
      PID:1840
- - C:\Windows\explorer.exe
    "C:\Windows\explorer.exe" "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio\OBS Studio (64bit).lnk"
    3⤵
    PID:2328
- C:\Users\Admin\AppData\Roaming\obstudio.exe
  "C:\Users\Admin\AppData\Roaming\obstudio.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  - Suspicious behavior: MapViewOfSection
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:1756
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
    "C:\Users\Admin\AppData\Roaming\obstudio.exe"
    3⤵
    PID:4644
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 696
    3⤵
    - Program crash
    PID:3056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1756 -ip 1756
1⤵
PID:4420

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
- Suspicious use of WriteProcessMemory
PID:852
- C:\Program Files\obs-studio\bin\64bit\obs64.exe
  "C:\Program Files\obs-studio\bin\64bit\obs64.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks processor information in registry
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1628
- - C:\Program Files\obs-studio\bin\64bit\obs-qsv-test.exe
    "C:/Program Files/obs-studio/bin/64bit/obs-qsv-test.exe" 4e82 4fad
    3⤵
    - Executes dropped EXE
    PID:2568
- - C:\Program Files\obs-studio\data\obs-plugins\win-capture\get-graphics-offsets64.exe
    "../../data/obs-plugins/win-capture/get-graphics-offsets64.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3900
- - C:\Program Files\obs-studio\data\obs-plugins\win-capture\get-graphics-offsets32.exe
    "../../data/obs-plugins/win-capture/get-graphics-offsets32.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5056

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x518 0x388
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3096

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\obs-studio\bin\64bit\Qt6Core.dll

Filesize
5.9MB

MD5
ba11408415638c1c3f355a209ce05e9c

SHA1
5dd4f9a72a7606725e716f92e6ad619a5b7e8bf2

SHA256
c2bc679edd4a4b5762becd17fc34bcf0bd9dd28c2d1b1e3f6a36ff22d80734b6

SHA512
bfc3c85c1fa87210b03c22c1b59566dd706f0b69ae65e8ebac339e7e29343b0369d601215f8a0411f5549ce359cbe87b78f3949df3e80df661500de2455335a4

Download Submit
C:\Program Files\obs-studio\bin\64bit\Qt6Gui.dll

Filesize
7.3MB

MD5
f0e9938f46b0b5590b380eaff98395e1

SHA1
18f3d65fc6a873c97120fb3001de3abdaeec86dc

SHA256
3fe1aa1eaeb92df2c10364e726b2eecb49e81f7cce1ac0e5c240d24b22fbc05f

SHA512
be8766db88632cf1ebf0cbf7d225c149dbaea9e2b16287f7d613d473534017518eb0ede0ec6a2962bcd61d49188d12c06fcedfe3ccb00ae946e96b4e06ccec2d

Download Submit
C:\Program Files\obs-studio\bin\64bit\Qt6Network.dll

Filesize
1.4MB

MD5
4b641d136dfc03fd367ca3a4bb727d4e

SHA1
11a39f88998774958a25fbdee6b0d1dc2cc23f52

SHA256
9004b18042fff895755edd4d2f1c36ec37c35d47aeeb78607b62d41c35f4a0c0

SHA512
a5e5c675e8bcfc7af4689c8a85c1f695c6839556153aece1acecf7bc5967094bd20d89dd088f2080886450a2705d5d1ac8631cd365e16027aa5d10c9798cbfb5

Download Submit
C:\Program Files\obs-studio\bin\64bit\Qt6Svg.dll

Filesize
369KB

MD5
f86505fe361cb0de2782e815170dab6a

SHA1
968f02b6e977b1d9d34dacc2281ef1ebe13f077b

SHA256
472c6e2eabc1d682d85b2823deae9a50e68deef32ae5c48e43d0a10002e57d15

SHA512
5483326c5fbc6cb6305975cd2cd2c9f226e74200b44c6f45894e5a4b67b62743091ffc03ee83f1b3ef7d2b26617d8025c384219bf5baf2075a2ad7ff5d29c0ad

Download Submit
C:\Program Files\obs-studio\bin\64bit\Qt6Widgets.dll

Filesize
6.1MB

MD5
90f612ae34aba0896dc2174b6ced4001

SHA1
1a772932f0049af65b9b75f0780d3019ef587a43

SHA256
ce7b5577fa226eea7244fd3c05fb197178aa883634eb657cc75cb0de93aafb83

SHA512
e5641848af3722bcac0378540548f4f8f4cbfab648f2af16770006da445acc1cbd0fd45ef26a56168b226cf36bc143d15fab2174c27a32c61a499445c0981f7f

Download Submit
C:\Program Files\obs-studio\bin\64bit\Qt6Xml.dll

Filesize
149KB

MD5
fe771a1858bcdef302d1cf4abf5bd31e

SHA1
e2a610a2436b9f79b87d6ffa503296eeb89c66f5

SHA256
fa3b18a918ca6f2511db9a0028e9a55ff8828235178352974e7560612843b073

SHA512
fe3ac8aa3d1201e88c386da66f2bb97d361bb3fc8b10df531ce316d9d959a46ba53af8034d4306606cc6e01f3ef7247e3fbcf253b95b9be42cc68ca8303e90ef

Download Submit
C:\Program Files\obs-studio\bin\64bit\avcodec-60.dll

Filesize
32.9MB

MD5
ee8ec4308bb1b4671166461db172d095

SHA1
c94392a719772d199b0369c7e9888a2301df1983

SHA256
260e010cc62b0e8198c45fa396e96bdac441a981ff2c397155c143dd3aec306b

SHA512
60fde20414b5269f094b4899bb613447ff5e0ce1a8a85f148c10ae4fc0b22b29a5191c1d56ebd80f25737a6c685a3d6320c876ac254d2d06680e90e8249be306

Download Submit
C:\Program Files\obs-studio\bin\64bit\avformat-60.dll

Filesize
2.2MB

MD5
da827ad411fe22ce3f84ed8fe73c5df4

SHA1
c10616af88a84ac5a496248acb63e5e06ad492a4

SHA256
727b67a029eef57d7d98641d3b895e59957d8ad5803c55c19e464b7179c02048

SHA512
b5e1bbd93e31dcd2a9ea1342f99d77cd6da7137b8c83cd4b8777da39c647227292210c84888ca9b72707fac9c2e9570198d41194329d3ef50a3e6768d37594c3

Download Submit
C:\Program Files\obs-studio\bin\64bit\avutil-58.dll

Filesize
860KB

MD5
94dec95ca32de682ede8d17e1837d264

SHA1
cbbab2b1a2f9200ae90bcbfe3527cac982ca2556

SHA256
80208ba63eee86c51978976db732fd40ddbb49e9523b671f44cda65b47cd140f

SHA512
2c59b8257ad9184339cb125d85b7fb2d33c2a4d820cd44790aef87660677438cd80e24ff64b5b889b0125016e1541ef5b55f41f27f91d9b2257a89f2d7fe0c4a

Download Submit
C:\Program Files\obs-studio\bin\64bit\iconengines\qsvgicon.dll

Filesize
71KB

MD5
a4345805ee1b899a5ec82b5af8c8df00

SHA1
dd4cc824df1579f6da5cbaf167b7abb06a2b03b2

SHA256
d747d93d7e0415c6386a1eddd95dbecb8f82470ee367926e50be437a79a4ddfe

SHA512
b98d58030da603a09a865bf39176087ac88910db66f8ab0ba7b2663cd818a111ad7be5a3021b6164420057a36b1e4b1788be592a000f918fcea848138861dac7

Download Submit
C:\Program Files\obs-studio\bin\64bit\imageformats\qgif.dll

Filesize
44KB

MD5
509f7e192e4f9f59d16c191fcf921183

SHA1
c48008d0cb76a4ad32bc938aafe33e615246fe6c

SHA256
d680738204425f34a1ee71929594f7cfe0a6828e7355b4c087f778193c5860d2

SHA512
0a43631376d6f910e92806267601d30e2b8505b1f506c11fa676f61fd65db1d34909227ccd3bafbea80ebef19b58adf00e099e0118c5a480be0b8ba108e9a1a5

Download Submit
C:\Program Files\obs-studio\bin\64bit\imageformats\qicns.dll

Filesize
50KB

MD5
06b516c34865263fdfa8cf31055a6b86

SHA1
2a24d173a80e62cdc97bb1e3fa76589bcc5e22d0

SHA256
bb1fb7d958ca9add85671c8e76b4bbfdb1256ce6699929e3cebf1c0caa162490

SHA512
b5d5d55be13abe0f30d0d2d6e21d27fe1728b55cf6e3a1c380c361ba390586efb636843e35aff0334da255e529b7fe75a24406eeb630accda1fc22b1f5ea8eed

Download Submit
C:\Program Files\obs-studio\bin\64bit\libcurl.dll

Filesize
538KB

MD5
d7b4b9e0e2cec648deaad49a8a183ea3

SHA1
d354db82f6d69349403cdc3a976b7cf41dd38dd2

SHA256
7447803d04de6f873b828e083273b2f68ba42c8eb8dbd7cd8d57afb44458a234

SHA512
83c69918ef3244763ab7e95bb3c66bf41bd7b1e04617f87affccfa66f6e00a00595f21f9083dc1fc701fcc31c2ca4c359a4e7af21ebb38135793109a583a54f0

Download Submit
C:\Program Files\obs-studio\bin\64bit\librist.dll

Filesize
219KB

MD5
359d5d7d8f7d199044f6505904d90219

SHA1
f1aea81fc7444306360fe36f724dcdec391b85fa

SHA256
ec1963b4da27b63c2a60e160d06b350f38f82e672c6af751e737060ddf64c910

SHA512
141f112a90f69c158f65dc1ff685bdbdcfcbb4d0e590bce28397e7670549881d9ae690ed34bbf4ceea2ea11addea348480f64538dcf56198c38da336d49c1488

Download Submit
C:\Program Files\obs-studio\bin\64bit\libx264-164.dll

Filesize
2.1MB

MD5
84454ad6e25cc658dd180105236ade86

SHA1
ed5fdd0f1d46be7731639113b24c2a03367e7978

SHA256
7e25e3c5540247ab802396ae2041e4c9d43651b523eaab23c3fe32f4f78bc691

SHA512
6f508fda7a1b6412b71d7c84330c0b1e84617018a618517910a3961e762d2843df3d4cbd4c8571da90e99c8f095a80d100222bca5e3e7ebfa22ed4f3f660d64e

Download Submit
C:\Program Files\obs-studio\bin\64bit\obs-frontend-api.dll

Filesize
39KB

MD5
e797b19e025b5c8e070bb8ed224d62fb

SHA1
ef4f70cc7b2c7f80d2e6a9cdeb3dbf0106fc1e1e

SHA256
e7921814debaa065afc1351ec979269ffada1901fa8d4ff59fd2333dd2f05ad7

SHA512
8616649c1604596cb8ad81e92dfce5c8d5af6624e4b644366c9e171deecb0ec613f63b7aff024740ece8fd62eb611173911af45552b5e81dd29d6862f0e85747

Download Submit
C:\Program Files\obs-studio\bin\64bit\obs.dll

Filesize
824KB

MD5
db99cd280f99502870e7949c3293f5ed

SHA1
9d83203c6c9ef298927c2313ceda67baa5f7340a

SHA256
6e480f7ac31fa28d9595b8c6bbf52c134f6ba7a14ae47a71689f5bba0540462f

SHA512
861b5f24169026ee4e992c454a78dce63c3631758e863773ff59555716d14508e0d6af638c8b586bae759a7dcf707d5fe2e2c5e674368c330e0846968a2c8871

Download Submit
C:\Program Files\obs-studio\bin\64bit\obs64.exe

Filesize
4.5MB

MD5
31e270e0985ff7b203748c6a4e8593d7

SHA1
66218c378a36966db0224d18c05c183df737e917

SHA256
ea487a3cd6b81e6c31604f4dcc260fab2b6d16f45ae17f21b55ebbbc45d69acc

SHA512
60f3c23e5980ec9d74731fb44d7fa1b42e3b2a6e672df23cd6676214a692ab534989c67d542449503c950284809b932ee505b1cf299ca1bcf03d10ecc0d73431

Download Submit
C:\Program Files\obs-studio\bin\64bit\platforms\qminimal.dll

Filesize
54KB

MD5
9b4f4eadf80a0f0279cfa9b96b81da98

SHA1
1900ac47eccd3cf4d36818087272a2e8ffc7917a

SHA256
a1a9cc3f46c70298d9262b7f50330dfdd1b344ed19b7a1649f5cc851fa0d38a9

SHA512
a6de71b0726b9c441ccc6034a5fb041a910052d7a307edc7aa6bcf8349f688cd5c53706caeba2c41941990fc492488060807b7558e066420773039d3a360e1f1

Download Submit
C:\Program Files\obs-studio\bin\64bit\platforms\qwindows.dll

Filesize
849KB

MD5
e31a3f3db0e513b1978efe8d1ce75697

SHA1
dd84c98677b5a36dd79c9626b0917f9ea57d3e9c

SHA256
f3388974b85adca19b3ca0dcfb1f7cc0497dcfdde79e4e43805cda61aa1acbe9

SHA512
4ce92e0d1e1bd24618e2695c65510e0ea76deefb8056944ba014f356c1dfd1f1d743cc95b197aa6ee4239de9513b7c57db63819bbe43a7cb4bfd4c6806d0b707

Download Submit
C:\Program Files\obs-studio\bin\64bit\srt.dll

Filesize
674KB

MD5
3164b50ba87bf0eeac55409d3860b77d

SHA1
c13ee7bb2b7e94f062117d9208cbe77751b81a90

SHA256
f7c0215f3c589057d976be397612ee7f0d79c9cb176fc0821f988a30382682ce

SHA512
1ecb7fd6e5788a601ba9b92f3c456e766c44e56e8ae3c6b095651ab6a61afe5c1d99cece06982c341c04748d0eb2ff7fb882f25df79653f5d7b171ab7bff766d

Download Submit
C:\Program Files\obs-studio\bin\64bit\styles\qwindowsvistastyle.dll

Filesize
144KB

MD5
6fdba86b12646cf37c27ce16ca907754

SHA1
1560a15d7fb47aa799791b9d4e0c54759d7102a6

SHA256
6551a22234cbea3aa51e47b3265e308bb1036e6aeafc4976c0aeece9cc57e0ce

SHA512
135330650033a1081aa66db5bdd811e095737b2f11c22678cce8628d1104343c84377ba9ef1d40ba4b1a12fa949b5919090d5d092fa380960ef641bdbf7c9f52

Download Submit
C:\Program Files\obs-studio\bin\64bit\swresample-4.dll

Filesize
132KB

MD5
6e9337407734db4655137f7c870e88b5

SHA1
bec270ee9a3e60df69661b4453ace9a2aac3a488

SHA256
a252cf71186041619afb74b402093e21950dd26d6dbca36835768941cc4336c4

SHA512
92f2e2e003c5859b899e6bbdb066d82fed80ca0977fa67aea0744d014561e5bd42a13cc970b50f1705c9989cb8d3496e534a9c5fdeee178631b7455c1210332b

Download Submit
C:\Program Files\obs-studio\bin\64bit\swscale-7.dll

Filesize
572KB

MD5
7d341cda14f33a419ab82a85c6b30bf9

SHA1
afdb978999edadc8e7a39fad5b06871dea1ce905

SHA256
6ebe1fb470a94963c881ca3cf10bb8b3edfa12078240535159fc7313616572a3

SHA512
fe59ef39a19e340dbed80105148663c3a070825d992dca7eeec9e357fe003407cad52041f77ada27250531a6bead9ff28ae38b1f2fb86b0f3adc41cdba5f3c05

Download Submit
C:\Program Files\obs-studio\bin\64bit\w32-pthreads.dll

Filesize
52KB

MD5
e2ddf773cfffcf1da282c762d56052ad

SHA1
56a002017ea1062b3b446859b198b5a4cd3d78d9

SHA256
92894b3b18e7680be877afbdf62e1c1c45e6b4b2e83a1098e59fb599f074ae29

SHA512
954567e0adfa60a4d8670aa4ed43ff3b614609fe6a46e55f6fca057520ed695c1bd14ccce0cbb5e6e9112e2d72e601b126120e1c74cb6783e0b97c32aaf1d451

Download Submit
C:\Program Files\obs-studio\bin\64bit\zlib.dll

Filesize
92KB

MD5
556f31177c5bf4ccc9a8d848548ad562

SHA1
77d74b75f6bab464f402ac63104ee7ea1e6abce4

SHA256
950c0791d3b22fdca2db39b32e4dff88c4dc15c3bbf72562ea1edcecd4f4fb16

SHA512
028b8162f2af513b553fdf69daef4b45cfe1d1971562f234c4623a2cab2d54fecf94d60523bf912be0d3519c60a231d5ee2cd6712778b672400054d3c18f80ba

Download Submit
C:\Program Files\obs-studio\data\obs-plugins\obs-ffmpeg\locale\oc-FR.ini

Filesize
18B

MD5
0ebd4c9db48f04f789e6254a92af4b97

SHA1
45f98976d001a97e4b18489cb73cca2aadcb1cf3

SHA256
54550f5495ca78de8ab1b4d32ddec042077823cb5654808e9f9f003857125450

SHA512
9b3ca441b80f23ff89094175bca2a2647d76e38277830420e933935a631a82ee010743410b632078750f4272cdc6b3362a56649ce9694a2c712367e0ab7f0e21

Download Submit
C:\Program Files\obs-studio\data\obs-plugins\obs-qsv11\locale\en-GB.ini

Filesize
1B

MD5
01abfc750a0c942167651c40d088531d

SHA1
d08f88df745fa7950b104e4a707a31cfce7b5841

SHA256
334359b90efed75da5f0ada1d5e6b256f4a6bd0aee7eb39c0f90182a021ffc8b

SHA512
d369286ac86b60fa920f6464d26becacd9f4c8bd885b783407cdcaa74fafd45a8b56b364b63f6256c3ceef26278a1c7799d4243a8149b5ede5ce1d890b5c7236

Download Submit
C:\Program Files\obs-studio\data\obs-plugins\win-capture\schema\package-schema.json

Filesize
1KB

MD5
cfc8555dce7c954555346ec0ef15fae8

SHA1
da1983d90d8bbbd3eb778ebb92d45427f1b35f41

SHA256
524437addbda00d3a64413b639847211054905a959786a4a5609fcbbb1f101f5

SHA512
4add0e8632568a665d640f63ec9eb992a3f50a21675883d48d26e784caf8b25c4bf6de706c2ab705fdad325adb02cd681779eed632976dfb042caa88a16d390d

Download Submit
C:\Program Files\obs-studio\data\obs-plugins\win-dshow\obs-virtualcam-module32.dll

Filesize
177KB

MD5
27941252842fce9dc327c745a643e969

SHA1
9175e7b1fe1b65ced8a84d4280c7e0c75543fe40

SHA256
a87583f4c024a29c42ead56f98aa0aab1e38fadbfe51ee809b8e2ec1364ff409

SHA512
b76a9e7e9bebb5c6b2ac7c9b051542a5721009c6b373cd8f489a40177a83916fbc439e85f2ea2fb97dabe298224c27791c130dc5b643891f6652b8128fc4fd1e

Download Submit
C:\Program Files\obs-studio\data\obs-plugins\win-dshow\obs-virtualcam-module64.dll

Filesize
224KB

MD5
957318eabf0bf6d85fa1fc730e0f3aa2

SHA1
0e3f2443630fd3ab01eae3332bb15585c40bc41c

SHA256
2704b7e9ba8261009877a15f0f00c1c063de971fdd36b7e55389ae8d6b7d7b77

SHA512
79d223d65d3e6cb5a36983f331af2f05a34dbc01f693764e05d1cfa0fc4c650239fe9172440c70cd10fa5fd7eddb5026fb84a331c8048fa90850b5397b551fd3

Download Submit
C:\Program Files\obs-studio\data\obs-studio\themes\Dark\media\media_pause.svg

Filesize
526B

MD5
f26adafdd9d123f489f874c9a1b4bcbf

SHA1
228f6132d7e7abcf77fcd49409f07e68b25d4adb

SHA256
3a8ebca48196921a623b652c07344507f14fbc265a125ead876e89b28ad946fc

SHA512
3ea1adbc6d327e09418a0476971bbb4868effb171045cc0743d21dbed3535eea275518bf9aef9eecf33e9653b19ddb751d3826d53907690672583243e64c13bf

Download Submit
C:\Program Files\obs-studio\data\obs-studio\themes\Dark\sources\media.svg

Filesize
558B

MD5
7de24f4b717974d92d44505a76bfbf14

SHA1
7695bf5a0dcf4847644ebceff8564f0e5c214dd8

SHA256
0c3127f56d6c3bfab49108c5d7f2e405f7e3c80f8ea9f5c407fa0902f02d919f

SHA512
75023a1588843a5a91c12787cea903b42da052a06106050885160dcf90386cdf8693fc0323d60802c767b524c7d4e83083815cb2a786aa6c082e88bf12c45640

Download Submit
C:\Program Files\obs-studio\data\obs-studio\themes\Light\mute.svg

Filesize
1KB

MD5
a98eb26acbfc095a09a54d004bb39d7f

SHA1
2254bb0d579be6555c85d5d61818b95c6306a597

SHA256
ab6ea7c4f98008a19662c171a03fffd0cba96a7abca34896c67de841e81727e1

SHA512
fb11beabd774e87911ad38975d190f829e48dd963074c41f610842738d9938865dd809846a4e75ee9e717be67e393d612019beedfcce42bfdda67bf19a975c50

Download Submit
C:\Program Files\obs-studio\data\obs-studio\themes\Light\sources\media.svg

Filesize
558B

MD5
782275b15439d90e21c0595b28e1f251

SHA1
a40a166994402a2fe2e782864c3612dbf2619179

SHA256
16440c1cf957bf20c8cb01d2a490ff46d4f2812376275d35051b659b62ac888d

SHA512
704da362efe3ee13771d589d1c3a94a8a85836d5c26d35aa76d02f502f683417e162df4067fb7fc26762c858d708b921a5fcf6c80f6505ef90dfa68c102af738

Download Submit
C:\Program Files\obs-studio\data\obs-studio\themes\Rachni\checkbox_checked_focus.png

Filesize
147B

MD5
0ca13c84736f193c4ddc36408b63eb79

SHA1
daf222b1b08d7f2645fdc2e25e63be2aa50e9b79

SHA256
9b7da86b40e8fe9da37ba2a4337c9bce14b07153a9722dd3de7772c1c5933ded

SHA512
1f95694e920b1be5a7d9a4c4f7eabccde8326965d8b1e3211085c67e84229f76300aed6ae29e2d79e817857cfe7608919233057fad6fda3bf515c59f3604099c

Download Submit
C:\Program Files\obs-studio\data\obs-studio\themes\Rachni\sizegrip.png

Filesize
107B

MD5
3cc9de00b77ffe788eb826b8608cad0c

SHA1
d7ea0e97469cd971b8e00ee564a540f24a9f1752

SHA256
31582f8295152ee22f44910556be5c2280934214a0ea3db73897a4c93cef34e3

SHA512
ed0f66eb14fd12f5a6e52825d209cf74e48be44933e2702f790ad0024b31d2f4c998d87e04f14fc80fb56bc6b2a257907a2a143334e79ae0cbc07e264ebb0c96

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio\OBS Studio (64bit).lnk

Filesize
1KB

MD5
9b9390800a76a11025761c8e09ae9715

SHA1
df98c96920c1f15b1f49183213f40c3ac4064437

SHA256
86849ade0b5a49774453f0df2cc11a700f326c1a214f455bb7ca18fbc26959e6

SHA512
282b1db64967283cbe0925ef657f93aa331a87f6c22009ab72d21210dbb077513776d6b50b29d7a35256ecdd1cef50db6df5274606b7a1f9163bf330cc8b8188

Download Submit
C:\ProgramData\obs-studio-hook\graphics-hook32.dll

Filesize
227KB

MD5
0383fb96438135078ffadb68db76f3d0

SHA1
73f2535ca43445f59cda47f0e89a0e3dd23238a1

SHA256
6965fbb066e97081b0fbf37192176ca95255225c81a465f69da8d841a1750251

SHA512
f401f588147c2750006335718526cd4780f02c5c07cf25b57575e1ef9ebe6ad03e55751e5c9966bb6c0c333cb547342a84d7bc4065bfa2cf8e343cc094dfd2ba

Download Submit
C:\ProgramData\obs-studio-hook\graphics-hook64.dll

Filesize
288KB

MD5
3034f458752c9f00a27450b24d83c4fd

SHA1
685a12e9d361f76a13d3c1b079221569fb9defd1

SHA256
9337568ca033a9dd2efab5fdb16dbfa6493da84588b912faa03f7b2b739f2f97

SHA512
740559b48e401438d4c1b9bfaa36bd03bdd77c1583dbd3626e4dddd52b5889e5f994e779f112c9ac56ba744259e4eadafb497d7b62fa670e79f7ee0a8d784dc4

Download Submit
C:\ProgramData\obs-studio-hook\obs-vulkan64.json

Filesize
514B

MD5
4a0ee9e5f72aec20551148f649ed58c5

SHA1
f5e897db4a7c311b2afbe6054fe28ba459712481

SHA256
7b6b0813fb58b276847a8583eb5c3f94aee7d7ad0ae3a1ef6133d5d8771f20f4

SHA512
8c7977ba8781ab0ad9d0ddeabb230d9466da6c9c47f33cbcee6380079734e832a1000e4a55218ea0d5acaee500fd458a3be76c6d4cb2831767cdc07c3930aad5

Download Submit
C:\ProgramData\obs-studio\shader-cache\1ab7aa1b854459a7.v2

Filesize
840B

MD5
0b2301660cbb980468bf1b8b4eda87c7

SHA1
ef3c7bf64ca477dad586d5ca3aa16318b27f4e72

SHA256
d913ce5b4ace04b97bb8f05bf49d777a5c231ce0737dd5a63bcd3215d8c63bd9

SHA512
b392bf58b9da599c8896f233c4a01e61e23546daef235d279b771a8849ea718a13b457b768b7196e3800ab82d24b946e066d334299142551bf3565d96673cf80

Download Submit
C:\ProgramData\obs-studio\shader-cache\4545d6ee7b176b7d.v2

Filesize
964B

MD5
925008d85689f03f9c2c19b2a58864ef

SHA1
9707491fe67342b0428924976a5d4d4cca787fef

SHA256
b03ed79f9d040f865ac250b25a7a99ccebf244c5bb9d2bae4287f025bae8edc1

SHA512
097e0733c12a57d148ffbdc844f9444026fd13359a52d8fe73d172e8ac8479d4e23dc1a00be3b04f2880e2f094a7a322fcafc3ba00603ee7f89c586a75cf84fe

Download Submit
C:\ProgramData\obs-studio\shader-cache\62281a72182c4ba6.v2

Filesize
908B

MD5
a09b098bf807333abd23734e543dc2e5

SHA1
972a560bbdcad956b41b96d5a5d98b74b3744aeb

SHA256
5e7044f39d34e7f45770264f93647c2701bed73c904f8f233dc5ea94870b4403

SHA512
bfced55e2eeeff8f5393a84b23ca0bec0391411a1b649be153cc1563c1e736e3e124b502fb6df18c5bab5ccb9f6dbd6369cbb5251dd03acfce8078ee96d8eb05

Download Submit
C:\ProgramData\obs-studio\shader-cache\6a755cdc9e6092ae.v2

Filesize
840B

MD5
a301b07b443e54d2763c6cdaf88ffcef

SHA1
f2da06b9dd608eb5786ad2fbbb42aa77f351c39e

SHA256
fccbe79d93005236718ff168a3ba2267d228b4f93cbc848a95eda3b8482b6697

SHA512
db51188f09eb3b13baeb726f80f06dbe36d1ae8c960aa75a7f88eedf42e67e286f3e7f33034fbe9a16c7cd339058dc4782e58467b0c033e94073bd326dcbebf9

Download Submit
C:\ProgramData\obs-studio\shader-cache\7a6e3fecabdd460d.v2

Filesize
888B

MD5
b1695633020889910efc1cd4fb9b02a0

SHA1
09eb2ec232b08bb092fe2cfcee795ee57275f93f

SHA256
3b625049381ef7d97538364c28efbbde8e5eb28f010f077afa36ef5a74778333

SHA512
2b4be7f4c6c8182a119d440204505e1022d017d9199933a9162a35ad5b2092efee29be847caddaf7e73d310a320f69481381a4527a59a9847ded132fc42946bc

Download Submit
C:\ProgramData\obs-studio\shader-cache\7f0084f9c4106e16.v2

Filesize
1KB

MD5
15d39c0e4271b5ccd51d06dd38ea848c

SHA1
beb07872ec6f978633df7a92ad12e239a41f0587

SHA256
ea9109f443a204812899fc727c2e3e779a9114136db0afd729deec2e817a2db0

SHA512
16ab1fb86f5ac7dd412c1e3f87668a8ced4881a578739077ef74f68869e3be4d802fad72232aed270be0be25712de494473b2f883a94acccd1dfa7342a83bf7a

Download Submit
C:\ProgramData\obs-studio\shader-cache\8d390f4ad08d5c53.v2

Filesize
936B

MD5
edac8cc11ee6b2f4eedf0767d9bd1a25

SHA1
816ae2f8507a2dd7f87da5645e5a28f144811539

SHA256
442e3643bab4f98c14485a18e239d2580f18989831f9cadd19129e3df30789e2

SHA512
666d64b4caa7229b888bbffc58db1995c791c8a6b1518fca195f466b6e5f6062f5928f897ed5ff14b02518df6fc078dd45662bbddb5d5805a6cf34d58e4026f5

Download Submit
C:\ProgramData\obs-studio\shader-cache\9ea4a251d7aa3c18.v2

Filesize
624B

MD5
e8f1aac1454a9411ecfd28bdf322b910

SHA1
12ca860dff45487c176212e2e4db4ced5112991e

SHA256
6c40664272501dab61c1507f87b612d40819510781d05971735443cef8ebc95f

SHA512
677dfc0140b6a75fbe9ae6e2c59dc0f305c8d5d7e34f858caad917893614c95c7eed8ddfb280d2f913117e3b02dc6613e369550ba38f97102fd6c4b197930254

Download Submit
C:\ProgramData\obs-studio\shader-cache\cd9cfd09db70c3cd.v2

Filesize
960B

MD5
a36fa067d5417109e7c2a79fa47109e8

SHA1
2cd916c1a5c0a21b021ebc424ab316be4cbcb499

SHA256
c0d87fc26b604a942bb03b1349794cb397ababfb1a14eb09fd8ea1de5144aed2

SHA512
d826b76826b10f675fd40fc36ebf3aaa8b5b69c41090282b491a7ffa77b853db80a3473f6032bd1afe406e5272d671585a93d0bca29d7cf9029ab50a140cd1cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc732E.tmp\InstallOptions.dll

Filesize
15KB

MD5
d095b082b7c5ba4665d40d9c5042af6d

SHA1
2220277304af105ca6c56219f56f04e894b28d27

SHA256
b2091205e225fc07daf1101218c64ce62a4690cacac9c3d0644d12e93e4c213c

SHA512
61fb5cf84028437d8a63d0fda53d9fe0f521d8fe04e96853a5b7a22050c4c4fb5528ff0cdbb3ae6bc74a5033563fc417fc7537e4778227c9fd6633ae844c47d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc732E.tmp\OBSInstallerUtils.dll

Filesize
426KB

MD5
e1f825260e7224ef0526514754f7d0e8

SHA1
553d67289b039ffea5d8b59f509b9265dca2ba19

SHA256
1d84aa191fbbd842d5eeed302195579de1256a9acb980308bf31a631ac01e530

SHA512
b9453eb4ae6edbfd86e438ed0825725ab91100b8403a933bb0e359703be462f6d3d37f8bfb32eeae375a46512c619370f9802925ae0d8898f540f933b05b281f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc732E.tmp\System.dll

Filesize
12KB

MD5
4add245d4ba34b04f213409bfe504c07

SHA1
ef756d6581d70e87d58cc4982e3f4d18e0ea5b09

SHA256
9111099efe9d5c9b391dc132b2faf0a3851a760d4106d5368e30ac744eb42706

SHA512
1bd260cabe5ea3cefbbc675162f30092ab157893510f45a1b571489e03ebb2903c55f64f89812754d3fe03c8f10012b8078d1261a7e73ac1f87c82f714bce03d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc732E.tmp\check_for_64bit_visual_studio_2019_runtimes.exe

Filesize
11KB

MD5
b43f3de9fb2d92638ccd4e8afd1b9e7a

SHA1
327d1943fcae5a7ccb702930ececc87090155bf6

SHA256
794d162e44bbccc94db95c4b866d42c5bd7fed84eeee941748b9977a847eda2d

SHA512
417672500d3546d333030ebd2fde5ba6fa40b0f822e407671a0153fad135211220561fce5c04d3d22968245a1e553562b880fe15b3e0bcdc8946e15f2131e4a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc732E.tmp\ioSpecial.ini

Filesize
1KB

MD5
e3f56092dd8b7ba893b404408f8e8d42

SHA1
2373efb99c4524867cda5236b557c0c78caeb275

SHA256
61e954ee6bb2e36dfd4db9a08401ce1e01e86b89697673fcc03cf7f35debcf2a

SHA512
3a773bcfffd91c626e31bec69a545b9fead0bb6440bf99e586ee90a1f11f56bda615d3e5ec1a02e13cb4c921cb5079a463328cb6e65db6ca17a630d0d4d61833

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc732E.tmp\ioSpecial.ini

Filesize
1KB

MD5
08dbaf00bb0b5d89813c366c9563f85a

SHA1
4aa28387b7f43fb9752b6ce50369819f08192c4a

SHA256
e7c005a58e48f70ff232ce4b7dfef29147b8d8f212642e6bccc0eed4213e6b61

SHA512
2288c0f8f5d8c62aa78e23393f3cd0149fc967f0407aab4c64790d660a8f703808fd4b0b82768de9773d8a8bd68bd4cc0283f6adf7c6359ce6677b350ef19ab4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc732E.tmp\ioSpecial.ini

Filesize
1KB

MD5
5d7099363c5fa03972f11454acce285b

SHA1
3b5490d4034f05e604e935418bd9ff5108197834

SHA256
4885c7eac24071ce08726cd5ea02dd6bf1401b6f1005b763ce698bc95e9e67ac

SHA512
0f835d1e43ae477c281eb7bebb7180f76345927a9093f2be2acfd7190c458d7bb57c34ea9882ed2b4534f232b956e0b4cd7bf9bb2e56f7938889e616ca5c960b

Download Submit
C:\Users\Admin\AppData\Roaming\obs-studio\basic\profiles\Untitled\basic.ini

Filesize
27B

MD5
d785072bd43717886593f737817fff15

SHA1
8c7ef0936b7f5a5cec10e9b5e1278400e276e6f7

SHA256
7989006d0b1b17f5e4f4e20960713600d80612c3799963454e463f689a3cf613

SHA512
8bcd4ed11b248d2934bb7fed91cd8645b77f89ac75f357277a9de04e1121ef4217e982783d61c32b1e8e04d2c14eb82fab78926dc46861db511a8741a62c0c20

Download Submit
C:\Users\Admin\AppData\Roaming\obs-studio\basic\scenes\Untitled.json

Filesize
2KB

MD5
bc278dd6d9a50f48d8330badca2c8cd7

SHA1
08c9f764ea769224baca92ca2e3fc46770b85624

SHA256
56826716ef55242caa0815d0c3f856dc146d14dd47715bbe6d8863c20a931ee9

SHA512
62016a7a6ef72041b61d013173f1fdc04a4dff851b5169d299b5864ec1ab22ee403093d32475137e95e17c32ac6fd49cc1501c119ad71f83f2a0b2c55b4f230b

Download Submit
C:\Users\Admin\AppData\Roaming\obs-studio\global.ini

Filesize
1KB

MD5
ff3ad1dde79ffef92ada73706b739de4

SHA1
64dee62f00b3491fd9c32b541f557c6485cf42d1

SHA256
b7c0803219c4ce99d3fe9a77e001e9be48f4e1251237e5e79fc2eef49adf1da2

SHA512
e613674ce4c78f135c22b3c0592b3951185180603fd158f81020e6f1eaa698cc7a382ad9c90f9258ba64d5353dc7e80351384a5e5257dbe70a265afc58e1f3de

Download Submit
C:\Users\Admin\AppData\Roaming\obs-studio\global.ini

Filesize
2KB

MD5
558992d244d8249c4d7aaef0f38cc562

SHA1
f650a1f6c5c19e24d7962c1e915eb7a47c729499

SHA256
4dd621b79d63d324c61f6b544f1082841f578c7723212b0aa23c9050838b36cf

SHA512
8bdbf2f0459c66253ec0f8069c07e09f8c2a4cb4d1488f344a2c701cb715903588faf381eeaa6c49067529d80f21658fc08cb5bd368080c6c524805095154f4e

Download Submit
C:\Users\Admin\AppData\Roaming\obs-studio\global.ini

Filesize
95B

MD5
5e1a6ec63e7f3c47ee8e518eb9363bda

SHA1
7ee6c56636dc5bb77c624542dfed81cf61e1301c

SHA256
90eb7d1ad2ba1c3f742eb01a0930d3e98a5fafcdbfebe4a30a429872721ef04e

SHA512
178aa925045f84eae42846cca4d7f8a8f339a044eda2e15d2ac07c2dcbf4911a38e5df7e4e1ad288b696285daf00c630ffa79216aca9421318c0af8a220f0dac

Download Submit
C:\Users\Admin\AppData\Roaming\obs-studio\plugin_config\rtmp-services\services.json

Filesize
93KB

MD5
04bbc99e81dd8fce20950b9e7cc9d30a

SHA1
ec93ece8c5d86ea6aeeda5dee5fbbfd7b645a1e4

SHA256
aa7a74d64bbb9aec9a9a0d8ba3d274487b95097441ed570423157512b8abcb90

SHA512
7be06d33b2a7333d182b7f6f01ef1ce494eb06d3deb9ff0d74db2e1fc57a8295c3828e997550f2ccaed1d135dda9ae3373624636a62e6209ab0e126e98f9083f

Download Submit
C:\Users\Admin\AppData\Roaming\obs-studio\plugin_config\rtmp-services\services.json

Filesize
47KB

MD5
9e13c4feb55a5443033765073334c517

SHA1
8d4dde928e344c2497c39823904832be31056378

SHA256
166a9e412743a5ce8dcb210ee07640947f80bc6601f468ceffe3dd7f876ce4a4

SHA512
48122690652b03c4da1984c581ad63c54c095abdf0b7d763cc3d3f3411acb5d530f8eec35fbfe56861de37b5877606f64fff495fb5b2d8ec056c454075a08353

Download Submit
C:\Users\Admin\AppData\Roaming\obs-studio\plugin_config\win-capture\compatibility.json

Filesize
21KB

MD5
b114bc164b7a2a92511f784037e592a4

SHA1
7faacbe11c4ac20b9dbb910faa58ca9812879566

SHA256
37c8bb60a0ef9effe79efdc77f2e444a235c5a4f31fe7a7739a8b43f98bb5429

SHA512
18415b95e549ec4b5359be82952d4f59889ab3fa5d9f7c50b318603d8df00e56e5cd870e61ec02236dff7937e6ee96eec1d88a3cba4ec66efb05fb5a13ccccf4

Download Submit
C:\Users\Admin\AppData\Roaming\obs-studio\plugin_config\win-capture\package.json

Filesize
250B

MD5
baa44a872ade09cc49744adda9014e58

SHA1
32e4f14fe4157d9b35c5993ad61e4fc83f207803

SHA256
0154f32065c447284a1cc0bb0ee5b9ead88811008c11a08d2162f183eed90cc4

SHA512
b715b69f02b12c5b667b3d885a919cd13b9ecf3d800899fc56f00a358bcebddefcedf6f522f59d1a8fa2634f5d314156cc2d5d2608abb903b3433a6ef0b8b6bd

Download Submit
C:\Users\Admin\AppData\Roaming\obstudio.exe

Filesize
1.1MB

MD5
46ab0cc1ea09e53e3239f1c520be7e63

SHA1
f7e2cd72077c4c743539a666ff5c358419eac21a

SHA256
52ff4c3befd8b1a1eec11b92f94d03f29bef0f86f733edc6f1d79388b04017a1

SHA512
63de10d2bce14a609e7cbb6827c02a5f10095b9e1f30379ab2f721a163017c05f78a5886bf553ddd2e8df5b35895ab631099ffac9d05ec96a9ac67c9ed538ac4

Download Submit
memory/1628-6104-0x00007FFD8C750000-0x00007FFD8CD6F000-memory.dmp

Filesize
6.1MB

Download
memory/1628-6106-0x00007FFD6BDD0000-0x00007FFD6BDE0000-memory.dmp

Filesize
64KB

Download
memory/1628-6103-0x00007FF63D0E0000-0x00007FF63D574000-memory.dmp

Filesize
4.6MB

Download
memory/1628-6105-0x00007FF63D0E0000-0x00007FF63D574000-memory.dmp

Filesize
4.6MB

Download
memory/3592-27-0x00007FFD8D970000-0x00007FFD8E431000-memory.dmp

Filesize
10.8MB

Download
memory/3592-0-0x00007FFD8D973000-0x00007FFD8D975000-memory.dmp

Filesize
8KB

Download
memory/3592-2-0x00007FFD8D970000-0x00007FFD8E431000-memory.dmp

Filesize
10.8MB

Download
memory/3592-1-0x0000000000690000-0x0000000001690000-memory.dmp

Filesize
16.0MB

Download
memory/4644-119-0x0000000005710000-0x0000000005CB4000-memory.dmp

Filesize
5.6MB

Download
memory/4644-126-0x0000000005560000-0x00000000055AC000-memory.dmp

Filesize
304KB

Download
memory/4644-48-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/4644-120-0x0000000005240000-0x00000000052D2000-memory.dmp

Filesize
584KB

Download
memory/4644-121-0x0000000005230000-0x000000000523A000-memory.dmp

Filesize
40KB

Download
memory/4644-122-0x00000000062E0000-0x00000000068F8000-memory.dmp

Filesize
6.1MB

Download
memory/4644-123-0x00000000055E0000-0x00000000056EA000-memory.dmp

Filesize
1.0MB

Download
memory/4644-124-0x00000000054D0000-0x00000000054E2000-memory.dmp

Filesize
72KB

Download
memory/4644-125-0x00000000054F0000-0x000000000552C000-memory.dmp

Filesize
240KB

Download