44ecc6a7624b2fdf03cb9b419f111892515fb036fe23f88e51456dce69066046

Analysis

max time kernel
138s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
01/10/2024, 19:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Stremio+4.4.168.exe
Size

112.9MB
MD5

763b10b7a9293ccc9307b650a01db702
SHA1

b033764307a4df6cc81c654467630f2df67297ef
SHA256

44ecc6a7624b2fdf03cb9b419f111892515fb036fe23f88e51456dce69066046
SHA512

f6f8d0a78cfaa2c440567fc0e636ab6129c495991f679c93ae0b7e211d9e290e7d4628891fef35f0383662bc2237e21410dd849f1d6074a8994dfd8deeee5e0c
SSDEEP

3145728:XddpqKUfzM8/I/6Uj2jDxXz8sGd1TiDlSugSbc+cYOsNCO1JTN:tdoK18wiucDZxG7TOlS/SI+JNCO19N

Score

7^/10

discovery spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 13 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	stremio-runtime.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	stremio-runtime.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	stremio-runtime.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	stremio-runtime.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	stremio-runtime.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	stremio-runtime.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	stremio-runtime.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	stremio-runtime.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	stremio-runtime.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	stremio-runtime.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	QtWebEngineProcess.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	stremio-runtime.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	stremio-runtime.exe

Executes dropped EXE 27 IoCs

pid	Process
4680	stremio.exe
3216	stremio-runtime.exe
4504	QtWebEngineProcess.exe
688	QtWebEngineProcess.exe
2120	ffprobe.exe
2948	stremio-runtime.exe
3508	ffprobe.exe
3604	stremio-runtime.exe
620	ffprobe.exe
4416	stremio-runtime.exe
2896	ffprobe.exe
5032	stremio-runtime.exe
4320	ffprobe.exe
2124	stremio-runtime.exe
3124	ffprobe.exe
232	stremio-runtime.exe
3612	ffprobe.exe
4196	stremio-runtime.exe
4056	ffprobe.exe
4888	stremio-runtime.exe
3408	ffprobe.exe
1640	stremio-runtime.exe
1208	ffprobe.exe
3236	stremio-runtime.exe
3664	ffprobe.exe
388	stremio-runtime.exe
3460	ffprobe.exe

Loads dropped DLL 64 IoCs

pid	Process
3112	Stremio+4.4.168.exe
3112	Stremio+4.4.168.exe
3112	Stremio+4.4.168.exe
3112	Stremio+4.4.168.exe
3112	Stremio+4.4.168.exe
3112	Stremio+4.4.168.exe
3112	Stremio+4.4.168.exe
3112	Stremio+4.4.168.exe
3112	Stremio+4.4.168.exe
3112	Stremio+4.4.168.exe
3112	Stremio+4.4.168.exe
3112	Stremio+4.4.168.exe
3112	Stremio+4.4.168.exe
3112	Stremio+4.4.168.exe
3112	Stremio+4.4.168.exe
3112	Stremio+4.4.168.exe
3112	Stremio+4.4.168.exe
3112	Stremio+4.4.168.exe
3112	Stremio+4.4.168.exe
3112	Stremio+4.4.168.exe
3112	Stremio+4.4.168.exe
3112	Stremio+4.4.168.exe
3112	Stremio+4.4.168.exe
3112	Stremio+4.4.168.exe
3112	Stremio+4.4.168.exe
3112	Stremio+4.4.168.exe
3112	Stremio+4.4.168.exe
3112	Stremio+4.4.168.exe
3112	Stremio+4.4.168.exe
3112	Stremio+4.4.168.exe
3112	Stremio+4.4.168.exe
3112	Stremio+4.4.168.exe
3112	Stremio+4.4.168.exe
3112	Stremio+4.4.168.exe
3112	Stremio+4.4.168.exe
3112	Stremio+4.4.168.exe
3112	Stremio+4.4.168.exe
3112	Stremio+4.4.168.exe
3112	Stremio+4.4.168.exe
3112	Stremio+4.4.168.exe
3112	Stremio+4.4.168.exe
3112	Stremio+4.4.168.exe
3112	Stremio+4.4.168.exe
3112	Stremio+4.4.168.exe
3112	Stremio+4.4.168.exe
3112	Stremio+4.4.168.exe
3112	Stremio+4.4.168.exe
3112	Stremio+4.4.168.exe
3112	Stremio+4.4.168.exe
3112	Stremio+4.4.168.exe
3112	Stremio+4.4.168.exe
3112	Stremio+4.4.168.exe
3112	Stremio+4.4.168.exe
3112	Stremio+4.4.168.exe
3112	Stremio+4.4.168.exe
3112	Stremio+4.4.168.exe
3112	Stremio+4.4.168.exe
3112	Stremio+4.4.168.exe
3112	Stremio+4.4.168.exe
3112	Stremio+4.4.168.exe
3112	Stremio+4.4.168.exe
3112	Stremio+4.4.168.exe
3112	Stremio+4.4.168.exe
3112	Stremio+4.4.168.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service

T1102

flow	ioc
255	discord.com
191	camo.githubusercontent.com
202	camo.githubusercontent.com
224	raw.githubusercontent.com
251	discord.com

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 12 IoCs

pid	pid_target	Process	procid_target
3232	3216	WerFault.exe	91
2124	2948	WerFault.exe	100
3232	3604	WerFault.exe	105
4920	4416	WerFault.exe	111
988	5032	WerFault.exe	116
3692	2124	WerFault.exe	121
2320	232	WerFault.exe	126
2396	4196	WerFault.exe	131
1372	4888	WerFault.exe	136
4544	1640	WerFault.exe	141
3300	3236	WerFault.exe	146
5080	388	WerFault.exe	151

System Location Discovery: System Language Discovery 1 TTPs 16 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	stremio-runtime.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	stremio-runtime.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	stremio-runtime.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	stremio-runtime.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	QtWebEngineProcess.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	stremio-runtime.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	stremio-runtime.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	stremio-runtime.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	stremio-runtime.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	stremio-runtime.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	stremio.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	stremio-runtime.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Stremio+4.4.168.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	QtWebEngineProcess.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	stremio-runtime.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	stremio-runtime.exe

Modifies registry class 27 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\stremio	Stremio+4.4.168.exe
Key created	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\stremio\shell	Stremio+4.4.168.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\stremio\shell\ = "open"	Stremio+4.4.168.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\magnet\URL Protocol	Stremio+4.4.168.exe
Key created	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\magnet\shell\open	Stremio+4.4.168.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\stremio\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Programs\\LNV\\Stremio-4\\stremio.exe,0"	Stremio+4.4.168.exe
Key created	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\magnet\shell	Stremio+4.4.168.exe
Key created	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\magnet\shell\open\command	Stremio+4.4.168.exe
Key created	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\.torrent	Stremio+4.4.168.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\.torrent\ = "stremio"	Stremio+4.4.168.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\stremio\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Programs\\LNV\\Stremio-4\\stremio.exe,1"	Stremio+4.4.168.exe
Key created	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\magnet\DefaultIcon	Stremio+4.4.168.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\stremio\ = "BitTorrent file"	Stremio+4.4.168.exe
Key created	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\stremio\shell\open\command	Stremio+4.4.168.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\magnet\shell\ = "open"	Stremio+4.4.168.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\stremio\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Programs\\LNV\\Stremio-4\\stremio.exe \"%1\""	Stremio+4.4.168.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\stremio\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\LNV\\Stremio-4\\stremio.exe\" \"%1\""	Stremio+4.4.168.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\magnet\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Programs\\LNV\\Stremio-4\\stremio.exe,1"	Stremio+4.4.168.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\.torrent\stremio_backup	Stremio+4.4.168.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\stremio\ = "URL:Stremio Protocol"	Stremio+4.4.168.exe
Key created	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\stremio\shell\open	Stremio+4.4.168.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\magnet\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\LNV\\Stremio-4\\stremio.exe\" \"%1\""	Stremio+4.4.168.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\stremio\shell\open\ = "Play with Stremio"	Stremio+4.4.168.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\stremio\URL Protocol	Stremio+4.4.168.exe
Key created	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\stremio\DefaultIcon	Stremio+4.4.168.exe
Key created	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\magnet	Stremio+4.4.168.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\magnet\ = "URL:BitTorrent magnet"	Stremio+4.4.168.exe

Modifies system certificate store 2 TTPs 17 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 0400000001000000100000003e455215095192e1b75d379fb187298a0f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b06010505070308530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520031000000620000000100000020000000ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b1d00000001000000100000006ee7f3b060d10e90a31ba3471b9992367f000000010000000c000000300a06082b060105050703097a000000010000000c000000300a06082b060105050703097e00000001000000080000000000042beb77d501030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c190000000100000010000000a823b4a20180beb460cab955c24d7e21200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0	QtWebEngineProcess.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349	QtWebEngineProcess.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 1900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef453000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	QtWebEngineProcess.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 040000000100000010000000497904b0eb8719ac47b0bc11519b74d00f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	QtWebEngineProcess.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	QtWebEngineProcess.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 5c0000000100000004000000000800001900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef453000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286040000000100000010000000497904b0eb8719ac47b0bc11519b74d0200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	QtWebEngineProcess.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\07E032E020B72C3F192F0628A2593A19A70F069E	QtWebEngineProcess.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\07E032E020B72C3F192F0628A2593A19A70F069E\Blob = 1900000001000000100000001f7e750b566b128ac0b8d6576d2a70a503000000010000001400000007e032e020b72c3f192f0628a2593a19a70f069e1d0000000100000010000000e3f9af952c6df2aaa41706a77a44c2031400000001000000140000000876cdcb07ff24f6c5cdedbb90bce284374675f76200000001000000200000005c58468d55f58e497e743982d2b50010b6d165374acf83a7d4a32db768c4408e0b0000000100000034000000430065007200740075006d002000540072007500730074006500640020004e006500740077006f0072006b002000430041000000090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000006500000030633021060b2a84680186f6770205010130123010060a2b0601040182373c0101030200c03021060b2a84680186f6770205010730123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000a8569ccd21ef9cc5737c7a12df608c2cbc545df12000000001000000bf030000308203bb308202a3a00302010202030444c0300d06092a864886f70d0101050500307e310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312230200603550403131943657274756d2054727573746564204e6574776f726b204341301e170d3038313032323132303733375a170d3239313233313132303733375a307e310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312230200603550403131943657274756d2054727573746564204e6574776f726b20434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e3fb7da372bac2f0c91487f56b014ee16e4007ba6d275d7ff75b2db35ac7515faba432a66187b66e0f86d2300297f8d76957a118395d6a6479c60159ac3c314a387cd204d24b28e8205f3b07a2cc4d73dbf3ae4fc756d55aa79689faf3ab68d423865927cf0927bcac6e72831c3072dfe0a2e9d2e1747519bd2a9e7b1554041bd74339ad5528c5e21abbf4c0e4ae384933cc76859f3945d2a49ef2128c51f87ce42d7ff5ac5feb169fb12dd1bacc9142774c25c990386fdbf0ccfb8e1e97593ed5604ee60528ed4979134bba48db2ff972d339cafe1fd83472f5b440cf3101c3ecde112d175d1fb850d15e19a769de073328ca5095f9a754cb54865045a9f9490203010001a3423040300f0603551d130101ff040530030101ff301d0603551d0e041604140876cdcb07ff24f6c5cdedbb90bce284374675f7300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100a6a8ad22ce013da6a3ff62d0489d8b5e72b07844e3dc1caf09fd2348fabd2ac4b95504b510a38d27de0b8263d0eede0c3779415b22b2b09a415ca670e0d4d077cb23d300e06c562fe1690d0dd9aabf218150d906a5a8ff9537d0aafee2b3f5992d45848ae54209d774022ff789d899e9bc27d4478dba0d461c77cf14a41cb9a431c49c28740334ff331926a5e90d74b73e97c676e82796a366dde1aef2415bca9856837370e4861ad23141ba2fbe2d135a766f4ee84e810e3f5b0322a012be6658114acb03c4b42a2a2d9617e03954bc48d376279d9a2d06a6c9ec39d2abdb9f9a0b27023529b14095e7f9e89c55881946d6b734f57ece399ad938f151f74f2c	QtWebEngineProcess.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 0f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520033000000620000000100000020000000cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b1400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc1d000000010000001000000001728e1ecf7a9d86fb3cec8948aba953030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad2000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f	QtWebEngineProcess.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\07E032E020B72C3F192F0628A2593A19A70F069E\Blob = 0f0000000100000014000000a8569ccd21ef9cc5737c7a12df608c2cbc545df153000000010000006500000030633021060b2a84680186f6770205010130123010060a2b0601040182373c0101030200c03021060b2a84680186f6770205010730123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080b0000000100000034000000430065007200740075006d002000540072007500730074006500640020004e006500740077006f0072006b0020004300410000006200000001000000200000005c58468d55f58e497e743982d2b50010b6d165374acf83a7d4a32db768c4408e1400000001000000140000000876cdcb07ff24f6c5cdedbb90bce284374675f71d0000000100000010000000e3f9af952c6df2aaa41706a77a44c20303000000010000001400000007e032e020b72c3f192f0628a2593a19a70f069e2000000001000000bf030000308203bb308202a3a00302010202030444c0300d06092a864886f70d0101050500307e310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312230200603550403131943657274756d2054727573746564204e6574776f726b204341301e170d3038313032323132303733375a170d3239313233313132303733375a307e310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312230200603550403131943657274756d2054727573746564204e6574776f726b20434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e3fb7da372bac2f0c91487f56b014ee16e4007ba6d275d7ff75b2db35ac7515faba432a66187b66e0f86d2300297f8d76957a118395d6a6479c60159ac3c314a387cd204d24b28e8205f3b07a2cc4d73dbf3ae4fc756d55aa79689faf3ab68d423865927cf0927bcac6e72831c3072dfe0a2e9d2e1747519bd2a9e7b1554041bd74339ad5528c5e21abbf4c0e4ae384933cc76859f3945d2a49ef2128c51f87ce42d7ff5ac5feb169fb12dd1bacc9142774c25c990386fdbf0ccfb8e1e97593ed5604ee60528ed4979134bba48db2ff972d339cafe1fd83472f5b440cf3101c3ecde112d175d1fb850d15e19a769de073328ca5095f9a754cb54865045a9f9490203010001a3423040300f0603551d130101ff040530030101ff301d0603551d0e041604140876cdcb07ff24f6c5cdedbb90bce284374675f7300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100a6a8ad22ce013da6a3ff62d0489d8b5e72b07844e3dc1caf09fd2348fabd2ac4b95504b510a38d27de0b8263d0eede0c3779415b22b2b09a415ca670e0d4d077cb23d300e06c562fe1690d0dd9aabf218150d906a5a8ff9537d0aafee2b3f5992d45848ae54209d774022ff789d899e9bc27d4478dba0d461c77cf14a41cb9a431c49c28740334ff331926a5e90d74b73e97c676e82796a366dde1aef2415bca9856837370e4861ad23141ba2fbe2d135a766f4ee84e810e3f5b0322a012be6658114acb03c4b42a2a2d9617e03954bc48d376279d9a2d06a6c9ec39d2abdb9f9a0b27023529b14095e7f9e89c55881946d6b734f57ece399ad938f151f74f2c	QtWebEngineProcess.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD	QtWebEngineProcess.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 190000000100000010000000d0fd3c9c380d7b65e26b9a3fedd39b8f030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad1d000000010000001000000001728e1ecf7a9d86fb3cec8948aba9531400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc620000000100000020000000cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b0b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520033000000530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab2000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f	QtWebEngineProcess.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C	QtWebEngineProcess.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 5c000000010000000400000000080000190000000100000010000000a823b4a20180beb460cab955c24d7e21030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c7e00000001000000080000000000042beb77d5017a000000010000000c000000300a06082b060105050703097f000000010000000c000000300a06082b060105050703091d00000001000000100000006ee7f3b060d10e90a31ba3471b999236140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b620000000100000020000000ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c990b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520031000000530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b060105050703080f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d0400000001000000100000003e455215095192e1b75d379fb187298a200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0	QtWebEngineProcess.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	QtWebEngineProcess.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 5c0000000100000004000000001000001900000001000000100000002fe1f70bb05d7c92335bc5e05b984da60f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f63030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e814000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e20000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	QtWebEngineProcess.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 0f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	QtWebEngineProcess.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
4680	stremio.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
3112	Stremio+4.4.168.exe
3112	Stremio+4.4.168.exe
3112	Stremio+4.4.168.exe
3112	Stremio+4.4.168.exe
4504	QtWebEngineProcess.exe
4504	QtWebEngineProcess.exe
688	QtWebEngineProcess.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4680	stremio.exe

Suspicious use of FindShellTrayWindow 6 IoCs

pid	Process
3112	Stremio+4.4.168.exe
4680	stremio.exe
4680	stremio.exe
4680	stremio.exe
4680	stremio.exe
4680	stremio.exe

Suspicious use of SendNotifyMessage 5 IoCs

pid	Process
4680	stremio.exe
4680	stremio.exe
4680	stremio.exe
4680	stremio.exe
4680	stremio.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
4680	stremio.exe
4680	stremio.exe
4680	stremio.exe
4680	stremio.exe
4680	stremio.exe
4680	stremio.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3112 wrote to memory of 4680	3112	Stremio+4.4.168.exe	90
PID 3112 wrote to memory of 4680	3112	Stremio+4.4.168.exe	90
PID 3112 wrote to memory of 4680	3112	Stremio+4.4.168.exe	90
PID 4680 wrote to memory of 3216	4680	stremio.exe	91
PID 4680 wrote to memory of 3216	4680	stremio.exe	91
PID 4680 wrote to memory of 3216	4680	stremio.exe	91
PID 4680 wrote to memory of 688	4680	stremio.exe	92
PID 4680 wrote to memory of 688	4680	stremio.exe	92
PID 4680 wrote to memory of 688	4680	stremio.exe	92
PID 4680 wrote to memory of 688	4680	stremio.exe	92
PID 4680 wrote to memory of 688	4680	stremio.exe	92
PID 4680 wrote to memory of 688	4680	stremio.exe	92
PID 4680 wrote to memory of 688	4680	stremio.exe	92
PID 4680 wrote to memory of 688	4680	stremio.exe	92
PID 4680 wrote to memory of 688	4680	stremio.exe	92
PID 4680 wrote to memory of 688	4680	stremio.exe	92
PID 4680 wrote to memory of 688	4680	stremio.exe	92
PID 4680 wrote to memory of 688	4680	stremio.exe	92
PID 4680 wrote to memory of 688	4680	stremio.exe	92
PID 4680 wrote to memory of 688	4680	stremio.exe	92
PID 4680 wrote to memory of 688	4680	stremio.exe	92
PID 4680 wrote to memory of 688	4680	stremio.exe	92
PID 4680 wrote to memory of 688	4680	stremio.exe	92
PID 4680 wrote to memory of 688	4680	stremio.exe	92
PID 4680 wrote to memory of 688	4680	stremio.exe	92
PID 4680 wrote to memory of 688	4680	stremio.exe	92
PID 4680 wrote to memory of 688	4680	stremio.exe	92
PID 4680 wrote to memory of 688	4680	stremio.exe	92
PID 4680 wrote to memory of 688	4680	stremio.exe	92
PID 4680 wrote to memory of 688	4680	stremio.exe	92
PID 4680 wrote to memory of 688	4680	stremio.exe	92
PID 4680 wrote to memory of 688	4680	stremio.exe	92
PID 4680 wrote to memory of 688	4680	stremio.exe	92
PID 4680 wrote to memory of 688	4680	stremio.exe	92
PID 4680 wrote to memory of 688	4680	stremio.exe	92
PID 4680 wrote to memory of 688	4680	stremio.exe	92
PID 4680 wrote to memory of 688	4680	stremio.exe	92
PID 4680 wrote to memory of 688	4680	stremio.exe	92
PID 4680 wrote to memory of 688	4680	stremio.exe	92
PID 4680 wrote to memory of 688	4680	stremio.exe	92
PID 4680 wrote to memory of 688	4680	stremio.exe	92
PID 4680 wrote to memory of 688	4680	stremio.exe	92
PID 4680 wrote to memory of 688	4680	stremio.exe	92
PID 4680 wrote to memory of 688	4680	stremio.exe	92
PID 4680 wrote to memory of 688	4680	stremio.exe	92
PID 4680 wrote to memory of 688	4680	stremio.exe	92
PID 4680 wrote to memory of 688	4680	stremio.exe	92
PID 4680 wrote to memory of 688	4680	stremio.exe	92
PID 4680 wrote to memory of 688	4680	stremio.exe	92
PID 4680 wrote to memory of 4504	4680	stremio.exe	93
PID 4680 wrote to memory of 4504	4680	stremio.exe	93
PID 4680 wrote to memory of 4504	4680	stremio.exe	93
PID 3216 wrote to memory of 2120	3216	stremio-runtime.exe	95
PID 3216 wrote to memory of 2120	3216	stremio-runtime.exe	95
PID 4680 wrote to memory of 2948	4680	stremio.exe	100
PID 4680 wrote to memory of 2948	4680	stremio.exe	100
PID 4680 wrote to memory of 2948	4680	stremio.exe	100
PID 2948 wrote to memory of 3508	2948	stremio-runtime.exe	102
PID 2948 wrote to memory of 3508	2948	stremio-runtime.exe	102
PID 4680 wrote to memory of 3604	4680	stremio.exe	105
PID 4680 wrote to memory of 3604	4680	stremio.exe	105
PID 4680 wrote to memory of 3604	4680	stremio.exe	105
PID 3604 wrote to memory of 620	3604	stremio-runtime.exe	108
PID 3604 wrote to memory of 620	3604	stremio-runtime.exe	108

C:\Users\Admin\AppData\Local\Temp\Stremio+4.4.168.exe
"C:\Users\Admin\AppData\Local\Temp\Stremio+4.4.168.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:3112
- C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\stremio.exe
  "C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\stremio.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4680
- - C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\stremio-runtime.exe
    C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\stremio-runtime.exe C:/Users/Admin/AppData/Local/Programs/LNV/Stremio-4/server.js
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:3216
  - - C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\ffprobe.exe
      C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\ffprobe.exe -show_entries "stream=index,bit_rate,max_bit_rate,codec_type,codec_name,start_time,start_pts,r_frame_rate,sample_rate,channels,channel_layout,time_base,has_b_frames,nb_frames,width,height,color_space,color_transfer,color_primaries,codec_tag_string : stream_tags=title,language,duration,bps,number_of_bytes : format=format_name,duration,bit_rate,max_bit_rate" -print_format json http://127.0.0.1:11470/samples/hevc.mkv
      4⤵
      Executes dropped EXE
      PID:2120
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3216 -s 1100
      4⤵
      Program crash
      PID:3232
- - C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\QtWebEngineProcess.exe
    "C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\QtWebEngineProcess.exe" --type=renderer --autoplay-policy=no-user-gesture-required --disable-speech-api --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations,TracingServiceInProcess --disable-features=BackgroundFetch,ConsolidatedMovementXY,DnsOverHttpsUpgrade,FormControlsRefresh,MojoVideoCapture,PictureInPicture,SmsReceiver,UseSkiaRenderer,WebPayments,WebUSB --disable-gpu-compositing --lang=en-US --webengine-schemes=qrc:sLV --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=2 --mojo-platform-channel-handle=3108 /prefetch:1
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:688
- - C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\QtWebEngineProcess.exe
    "C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\QtWebEngineProcess.exe" --type=utility --enable-features=AllowContentInitiatedDataUrlNavigations,TracingServiceInProcess --disable-features=BackgroundFetch,ConsolidatedMovementXY,DnsOverHttpsUpgrade,FormControlsRefresh,MojoVideoCapture,PictureInPicture,SmsReceiver,UseSkiaRenderer,WebPayments,WebUSB --lang=en-US --service-sandbox-type=network --application-name=Stremio --webengine-schemes=qrc:sLV --mojo-platform-channel-handle=3152 /prefetch:8
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Modifies system certificate store
    - Suspicious behavior: EnumeratesProcesses
    PID:4504
- - C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\stremio-runtime.exe
    C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\stremio-runtime.exe C:/Users/Admin/AppData/Local/Programs/LNV/Stremio-4/server.js
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:2948
  - - C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\ffprobe.exe
      C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\ffprobe.exe -show_entries "stream=index,bit_rate,max_bit_rate,codec_type,codec_name,start_time,start_pts,r_frame_rate,sample_rate,channels,channel_layout,time_base,has_b_frames,nb_frames,width,height,color_space,color_transfer,color_primaries,codec_tag_string : stream_tags=title,language,duration,bps,number_of_bytes : format=format_name,duration,bit_rate,max_bit_rate" -print_format json http://127.0.0.1:11470/samples/hevc.mkv
      4⤵
      Executes dropped EXE
      PID:3508
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 1152
      4⤵
      Program crash
      PID:2124
- - C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\stremio-runtime.exe
    C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\stremio-runtime.exe C:/Users/Admin/AppData/Local/Programs/LNV/Stremio-4/server.js
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:3604
  - - C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\ffprobe.exe
      C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\ffprobe.exe -show_entries "stream=index,bit_rate,max_bit_rate,codec_type,codec_name,start_time,start_pts,r_frame_rate,sample_rate,channels,channel_layout,time_base,has_b_frames,nb_frames,width,height,color_space,color_transfer,color_primaries,codec_tag_string : stream_tags=title,language,duration,bps,number_of_bytes : format=format_name,duration,bit_rate,max_bit_rate" -print_format json http://127.0.0.1:11470/samples/hevc.mkv
      4⤵
      Executes dropped EXE
      PID:620
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 1156
      4⤵
      Program crash
      PID:3232
- - C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\stremio-runtime.exe
    C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\stremio-runtime.exe C:/Users/Admin/AppData/Local/Programs/LNV/Stremio-4/server.js
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:4416
  - - C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\ffprobe.exe
      C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\ffprobe.exe -show_entries "stream=index,bit_rate,max_bit_rate,codec_type,codec_name,start_time,start_pts,r_frame_rate,sample_rate,channels,channel_layout,time_base,has_b_frames,nb_frames,width,height,color_space,color_transfer,color_primaries,codec_tag_string : stream_tags=title,language,duration,bps,number_of_bytes : format=format_name,duration,bit_rate,max_bit_rate" -print_format json http://127.0.0.1:11470/samples/hevc.mkv
      4⤵
      Executes dropped EXE
      PID:2896
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4416 -s 1096
      4⤵
      Program crash
      PID:4920
- - C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\stremio-runtime.exe
    C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\stremio-runtime.exe C:/Users/Admin/AppData/Local/Programs/LNV/Stremio-4/server.js
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:5032
  - - C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\ffprobe.exe
      C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\ffprobe.exe -show_entries "stream=index,bit_rate,max_bit_rate,codec_type,codec_name,start_time,start_pts,r_frame_rate,sample_rate,channels,channel_layout,time_base,has_b_frames,nb_frames,width,height,color_space,color_transfer,color_primaries,codec_tag_string : stream_tags=title,language,duration,bps,number_of_bytes : format=format_name,duration,bit_rate,max_bit_rate" -print_format json http://127.0.0.1:11470/samples/hevc.mkv
      4⤵
      Executes dropped EXE
      PID:4320
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5032 -s 1084
      4⤵
      Program crash
      PID:988
- - C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\stremio-runtime.exe
    C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\stremio-runtime.exe C:/Users/Admin/AppData/Local/Programs/LNV/Stremio-4/server.js
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:2124
  - - C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\ffprobe.exe
      C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\ffprobe.exe -show_entries "stream=index,bit_rate,max_bit_rate,codec_type,codec_name,start_time,start_pts,r_frame_rate,sample_rate,channels,channel_layout,time_base,has_b_frames,nb_frames,width,height,color_space,color_transfer,color_primaries,codec_tag_string : stream_tags=title,language,duration,bps,number_of_bytes : format=format_name,duration,bit_rate,max_bit_rate" -print_format json http://127.0.0.1:11470/samples/hevc.mkv
      4⤵
      Executes dropped EXE
      PID:3124
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 1108
      4⤵
      Program crash
      PID:3692
- - C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\stremio-runtime.exe
    C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\stremio-runtime.exe C:/Users/Admin/AppData/Local/Programs/LNV/Stremio-4/server.js
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:232
  - - C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\ffprobe.exe
      C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\ffprobe.exe -show_entries "stream=index,bit_rate,max_bit_rate,codec_type,codec_name,start_time,start_pts,r_frame_rate,sample_rate,channels,channel_layout,time_base,has_b_frames,nb_frames,width,height,color_space,color_transfer,color_primaries,codec_tag_string : stream_tags=title,language,duration,bps,number_of_bytes : format=format_name,duration,bit_rate,max_bit_rate" -print_format json http://127.0.0.1:11470/samples/hevc.mkv
      4⤵
      Executes dropped EXE
      PID:3612
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 232 -s 1096
      4⤵
      Program crash
      PID:2320
- - C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\stremio-runtime.exe
    C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\stremio-runtime.exe C:/Users/Admin/AppData/Local/Programs/LNV/Stremio-4/server.js
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:4196
  - - C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\ffprobe.exe
      C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\ffprobe.exe -show_entries "stream=index,bit_rate,max_bit_rate,codec_type,codec_name,start_time,start_pts,r_frame_rate,sample_rate,channels,channel_layout,time_base,has_b_frames,nb_frames,width,height,color_space,color_transfer,color_primaries,codec_tag_string : stream_tags=title,language,duration,bps,number_of_bytes : format=format_name,duration,bit_rate,max_bit_rate" -print_format json http://127.0.0.1:11470/samples/hevc.mkv
      4⤵
      Executes dropped EXE
      PID:4056
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4196 -s 1160
      4⤵
      Program crash
      PID:2396
- - C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\stremio-runtime.exe
    C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\stremio-runtime.exe C:/Users/Admin/AppData/Local/Programs/LNV/Stremio-4/server.js
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:4888
  - - C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\ffprobe.exe
      C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\ffprobe.exe -show_entries "stream=index,bit_rate,max_bit_rate,codec_type,codec_name,start_time,start_pts,r_frame_rate,sample_rate,channels,channel_layout,time_base,has_b_frames,nb_frames,width,height,color_space,color_transfer,color_primaries,codec_tag_string : stream_tags=title,language,duration,bps,number_of_bytes : format=format_name,duration,bit_rate,max_bit_rate" -print_format json http://127.0.0.1:11470/samples/hevc.mkv
      4⤵
      Executes dropped EXE
      PID:3408
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4888 -s 1092
      4⤵
      Program crash
      PID:1372
- - C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\stremio-runtime.exe
    C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\stremio-runtime.exe C:/Users/Admin/AppData/Local/Programs/LNV/Stremio-4/server.js
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:1640
  - - C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\ffprobe.exe
      C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\ffprobe.exe -show_entries "stream=index,bit_rate,max_bit_rate,codec_type,codec_name,start_time,start_pts,r_frame_rate,sample_rate,channels,channel_layout,time_base,has_b_frames,nb_frames,width,height,color_space,color_transfer,color_primaries,codec_tag_string : stream_tags=title,language,duration,bps,number_of_bytes : format=format_name,duration,bit_rate,max_bit_rate" -print_format json http://127.0.0.1:11470/samples/hevc.mkv
      4⤵
      Executes dropped EXE
      PID:1208
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 1156
      4⤵
      Program crash
      PID:4544
- - C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\stremio-runtime.exe
    C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\stremio-runtime.exe C:/Users/Admin/AppData/Local/Programs/LNV/Stremio-4/server.js
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:3236
  - - C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\ffprobe.exe
      C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\ffprobe.exe -show_entries "stream=index,bit_rate,max_bit_rate,codec_type,codec_name,start_time,start_pts,r_frame_rate,sample_rate,channels,channel_layout,time_base,has_b_frames,nb_frames,width,height,color_space,color_transfer,color_primaries,codec_tag_string : stream_tags=title,language,duration,bps,number_of_bytes : format=format_name,duration,bit_rate,max_bit_rate" -print_format json http://127.0.0.1:11470/samples/hevc.mkv
      4⤵
      Executes dropped EXE
      PID:3664
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 1152
      4⤵
      Program crash
      PID:3300
- - C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\stremio-runtime.exe
    C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\stremio-runtime.exe C:/Users/Admin/AppData/Local/Programs/LNV/Stremio-4/server.js
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:388
  - - C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\ffprobe.exe
      C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\ffprobe.exe -show_entries "stream=index,bit_rate,max_bit_rate,codec_type,codec_name,start_time,start_pts,r_frame_rate,sample_rate,channels,channel_layout,time_base,has_b_frames,nb_frames,width,height,color_space,color_transfer,color_primaries,codec_tag_string : stream_tags=title,language,duration,bps,number_of_bytes : format=format_name,duration,bit_rate,max_bit_rate" -print_format json http://127.0.0.1:11470/samples/hevc.mkv
      4⤵
      Executes dropped EXE
      PID:3460
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 388 -s 1088
      4⤵
      Program crash
      PID:5080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 3216 -ip 3216
1⤵
PID:4480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 2948 -ip 2948
1⤵
PID:1508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 3604 -ip 3604
1⤵
PID:2480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 4416 -ip 4416
1⤵
PID:3516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 5032 -ip 5032
1⤵
PID:4884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 2124 -ip 2124
1⤵
PID:636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 232 -ip 232
1⤵
PID:3748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 4196 -ip 4196
1⤵
PID:4596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 4888 -ip 4888
1⤵
PID:1404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 1640 -ip 1640
1⤵
PID:3664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 3236 -ip 3236
1⤵
PID:2476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 388 -ip 388
1⤵
PID:4296

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\stremio-runtime.exe

Filesize
49.1MB

MD5
58a451f04d8da2f547edf753fbe03fdf

SHA1
dfe60e0de8f4f892fdd5719d7b9657ad232f7414

SHA256
2a9d34c190c8c639c2817a371cd8ab6e5d8c8f5d0c45b8c72fbb1d9d4c1e9227

SHA512
0580068222d415ac6cb1f48a236ce425a57cf860cd802bfd31e76a296d269b8d4b9dd174d5d88552616ed7c99c1e758b23c4f69fa5f23c522f1f312f1a8d3ca6

Download Submit
C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\stremio.exe

Filesize
300KB

MD5
c0fbaeea5372c54a2f39716fcbc6afec

SHA1
e54790d82d0abdc75607fa0384bb886fc9b8027b

SHA256
cc7b6317d48368cb5791a1e95de5306b6152777b09758d14666d82f4b315dabd

SHA512
002aa47f5223eb113d3b2bfe1c88eb0ba588b1fc79465340b06c69dde1b897fef73c1f2540712ff22a658a6fe7b8bca4d2b6d4ec9c3d643838ff70275ebd8816

Download Submit
C:\Users\Admin\AppData\Local\Smart Code ltd\Stremio\QtWebEngine\Default\2a5e0455-ef51-4171-a545-521a9097c96f.tmp

Filesize
483B

MD5
967a3198e51d2f6e885e5586967e1572

SHA1
6f586cef15726fa9fc72ecd80c52fdabed6c084e

SHA256
b1a0fb9dd4448e3235583e8656b784832f814805176f5d1b32c4d541d0af623a

SHA512
97692787843a6d9986cf9b7686776b1d352f8032e662b070406b29ebcc0fc6745baf39f31aababe58e3854261588cc1d65a0780c60fdcefda3ec2d7622957364

Download Submit
C:\Users\Admin\AppData\Local\Smart Code ltd\Stremio\QtWebEngine\Default\4211ce1a-e332-4dc3-a934-01069f535133.tmp

Filesize
4KB

MD5
cb0168d653da5f4e054340e7d77d5841

SHA1
e3b1a670d5b305787f2bf6084235867825fdf94c

SHA256
891cfadb4d5e39e626111965c1b24f22e4ae4a183b4e410cc79d47305283d489

SHA512
04b352def519f28fd7fc56ba3d7921ad51677b4bc4a821ae201a133ae089fdeef6e73c94340f363f7c52854778c0a1bf310f44c0ed4bf9f185d407b7b5835a11

Download Submit
C:\Users\Admin\AppData\Local\Smart Code ltd\Stremio\QtWebEngine\Default\9eff5b17-1b3a-4d89-859a-e1ff49287c3a.tmp

Filesize
625B

MD5
28dbbbb60cafa9ba093ae501f057c7a1

SHA1
ad1e73421d60cf5832e5c1af4e01f60e5d690f5e

SHA256
28be9d988334ee9a67bc9ef1a98f447e338a37fed376fdfd30364b119fb68580

SHA512
306f6e7524607b99d7b019a75f6285fc800fef66bea1161bd69e77bf3f9f4f5609369141a2418e973cca82703433d738db57727fa995d33fa2fe3a334f72df5d

Download Submit
C:\Users\Admin\AppData\Local\Smart Code ltd\Stremio\QtWebEngine\Default\Local Storage\leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Smart Code ltd\Stremio\QtWebEngine\Default\Network Persistent State~RFe591dfe.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Smart Code ltd\Stremio\QtWebEngine\Default\Service Worker\CacheStorage\88fcf258722d55f5951a2da9c15b52822bdffa79\eef8250f-a2ea-4abf-bb66-ed64f257f1c3\index-dir\temp-index

Filesize
2KB

MD5
44e4388f58c45cd03628673f49b65d5c

SHA1
be4b739f7bcd09f34a03c423dc90e4e4777df1e3

SHA256
91ca5a00952bd92ee14b58280bf129d7baedd0fae1127b85b6760845f733838b

SHA512
44c9be0c0ecc0df6fa1ef99e05f6d54c4b6d8338c3436c2853f4de3c01664c071e81a0696af08c940e09379a61895dbcb55955a44e273f0669a67465e2b264eb

Download Submit
C:\Users\Admin\AppData\Local\Smart Code ltd\Stremio\QtWebEngine\Default\Service Worker\CacheStorage\88fcf258722d55f5951a2da9c15b52822bdffa79\eef8250f-a2ea-4abf-bb66-ed64f257f1c3\index-dir\temp-index

Filesize
72B

MD5
e0fb84848f764b6da93e4548c31ccf2c

SHA1
2fd1f457bb7bcf138308592cbf778c5a8e8bd839

SHA256
6be57282ab1140e2ad1e44b0968a184cc2b11f7416d74444f6c9804d794a84b5

SHA512
504731c6fc91842e8d82450c4153bb6ba8d783e7add9dfd97c654905f86be18ac0859840eb29b36fcec3a84bee3c32e7fdaba4d9af3c5d5bf016f0498c4e1c01

Download Submit
C:\Users\Admin\AppData\Local\Smart Code ltd\Stremio\QtWebEngine\Default\Service Worker\CacheStorage\88fcf258722d55f5951a2da9c15b52822bdffa79\eef8250f-a2ea-4abf-bb66-ed64f257f1c3\index-dir\the-real-index~RFe585d7d.TMP

Filesize
48B

MD5
d898180cf64519f21d237fdb7289de24

SHA1
d88d5d03c97552e2302fbcdc011bee808a089317

SHA256
04af46590b01cbe48b448aff72b3d2778debc33935a0ccae1a900477d3ac16cb

SHA512
563ddb0552f91865253e9884da1586aad94a92fdd5f669fac6931aaffee8296111403eb38cfdd22a59ac541e34f79f8b8bf6a3d4ac5cbd65417dd5d2a1cad78a

Download Submit
C:\Users\Admin\AppData\Local\Smart Code ltd\Stremio\QtWebEngine\Default\Service Worker\CacheStorage\88fcf258722d55f5951a2da9c15b52822bdffa79\index.txt

Filesize
106B

MD5
3394fed6954653ac7e5612eb6988970f

SHA1
6f551a193aca23b7373ff85667b9b2f456407719

SHA256
7de09cfd2bcfc2c1a4c09ed4a5f9ac2b7fe8eae8fe162face6bd3da74827e6c8

SHA512
d72f8820f6a4e9e520a57c19475fde15059f6410b2a2494e51fd2ff519349dd7da78b9e8240aa0700d1b39ff6439f15f8e791d6269ee4cfeda98ae6a969c3185

Download Submit
C:\Users\Admin\AppData\Local\Smart Code ltd\Stremio\QtWebEngine\Default\Service Worker\CacheStorage\88fcf258722d55f5951a2da9c15b52822bdffa79\index.txt.tmp

Filesize
106B

MD5
40ce13109b8fa2337c88c5918c414ddf

SHA1
19fbbaec091f6066d71f1619d3428751744bfd75

SHA256
58c42e0f7e281e39df758f59386a1bd5f31f9273b5157bb223bbd973dee62868

SHA512
74126dc27ad1eef9c95fbaed6a6be69ec1369f6a4119b46b0e2cfc9f746e4948443216d32ef33ee2c842e30a9ef0c56f9c5aad2a5836df580daac51f328ed0a0

Download Submit
C:\Users\Admin\AppData\Local\Smart Code ltd\Stremio\QtWebEngine\Default\Service Worker\CacheStorage\88fcf258722d55f5951a2da9c15b52822bdffa79\index.txt.tmp

Filesize
101B

MD5
e160d2def31686da8eab8c6667bc5495

SHA1
2d37760cda8fdcc79ecb5b1f4bdebb538431b1d6

SHA256
23b1406bda651baac72f87487f79d232b2b8679f06015d54d6c6605639ef10a9

SHA512
9ff136f1aebeaa722982b871990a699ce65831532f3e7ecabd1ca66b2a8f959aafbf161c7ea7a29249db68a8b35fafd7e449d7781ddde3885a1be8b74f752d5f

Download Submit
C:\Users\Admin\AppData\Local\Smart Code ltd\Stremio\QtWebEngine\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Smart Code ltd\Stremio\QtWebEngine\Default\Service Worker\ScriptCache\index-dir\temp-index

Filesize
72B

MD5
872743d3e80e5de0d31984916797e734

SHA1
645708423eea721f515fbb12ba7179b6d6f1a8d8

SHA256
3bf4979fa132e2f2bcccb07c98224514dc105404cc2360ce5d806dccb3d3f5d4

SHA512
b0d4e6d9b28caa2dc5e30e2cb1dabcfb6f074c9c33ab7a7b619562d6c03aa7e639d1b081ea90bbc092323e6084070dd0dc1309656d956929575e1eb276c9d8a7

Download Submit
C:\Users\Admin\AppData\Local\Smart Code ltd\Stremio\QtWebEngine\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe585b0c.TMP

Filesize
48B

MD5
2d08e65cac1096f34ec207187a9edcda

SHA1
85787ebc7ec628e53e693d29f1e6905219f7ac07

SHA256
fc52f7b9f4f35dbbff84456a2ab65c3996d3f01c6db2633547de3cc92893afc9

SHA512
997ba5e308ad8a3bca68b0c974525d14b9eebae556e49563cbade1f78afd26d0030eba0c03e3ea2442cc1e999e8d2d1eb8279c68003b638fcfbe871a4e2c4874

Download Submit
C:\Users\Admin\AppData\Local\Smart Code ltd\Stremio\QtWebEngine\Default\TransportSecurity~RFe5980a0.TMP

Filesize
419B

MD5
daeed1e5ec1c95b945131204cb032c81

SHA1
08605b8efabe1d977fa165bf93649ba400a8e5c4

SHA256
7edb8e1462786df26c85a3e2c41931b3a2da6e846a50b79c235dc769d7e5f2ab

SHA512
f9b670bb02b86da2465072286e85b085d30193f21c78ae2abfd131e468e64d654aa6de16442d5942084164156ca30b517353e8b2bc1d9c828434a79fcba3e52b

Download Submit
C:\Users\Admin\AppData\Local\Smart Code ltd\Stremio\QtWebEngine\Default\cefdb360-ec27-4e82-a035-f6c5f35bfdac.tmp

Filesize
3KB

MD5
c182e9fb07f738714901db022c355aaf

SHA1
e75abe9c352929812a267f078afd0d3e8f5c1a1f

SHA256
950e6f7ed0b32135d4e7b1059cdee6fd9eb718442fb93f510cb12bd37b23aed6

SHA512
6631a6fd18b3ccc2112e0b4c1551cc1ea6eee56ccfcccae62bf7fed6c73536a8306e8feb81ac236cca78df1afdb3f4427a6c4b54616b170d904dcc67c3c7c41b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmB075.tmp\System.dll

Filesize
12KB

MD5
cff85c549d536f651d4fb8387f1976f2

SHA1
d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

SHA256
8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

SHA512
531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmB075.tmp\nsProcess.dll

Filesize
4KB

MD5
f0438a894f3a7e01a4aae8d1b5dd0289

SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6

SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

Download Submit
memory/4680-4024-0x000000000B7E0000-0x000000000B7E1000-memory.dmp

Filesize
4KB

Download
memory/4680-4012-0x000000000B7E0000-0x000000000B7E1000-memory.dmp

Filesize
4KB

Download
memory/4680-4044-0x000000000B810000-0x000000000B811000-memory.dmp

Filesize
4KB

Download
memory/4680-4042-0x000000000B810000-0x000000000B811000-memory.dmp

Filesize
4KB

Download
memory/4680-4041-0x000000000B810000-0x000000000B811000-memory.dmp

Filesize
4KB

Download
memory/4680-4040-0x000000000B810000-0x000000000B811000-memory.dmp

Filesize
4KB

Download
memory/4680-4038-0x000000000B800000-0x000000000B801000-memory.dmp

Filesize
4KB

Download
memory/4680-4037-0x000000000B800000-0x000000000B801000-memory.dmp

Filesize
4KB

Download
memory/4680-4036-0x000000000B800000-0x000000000B801000-memory.dmp

Filesize
4KB

Download
memory/4680-4035-0x000000000B800000-0x000000000B801000-memory.dmp

Filesize
4KB

Download
memory/4680-4034-0x000000000B800000-0x000000000B801000-memory.dmp

Filesize
4KB

Download
memory/4680-4033-0x000000000B800000-0x000000000B801000-memory.dmp

Filesize
4KB

Download
memory/4680-4032-0x000000000B7E0000-0x000000000B7E1000-memory.dmp

Filesize
4KB

Download
memory/4680-4031-0x000000000B800000-0x000000000B801000-memory.dmp

Filesize
4KB

Download
memory/4680-4030-0x000000000B7E0000-0x000000000B7E1000-memory.dmp

Filesize
4KB

Download
memory/4680-4029-0x000000000B800000-0x000000000B801000-memory.dmp

Filesize
4KB

Download
memory/4680-4028-0x000000000B7E0000-0x000000000B7E1000-memory.dmp

Filesize
4KB

Download
memory/4680-4027-0x000000000B800000-0x000000000B801000-memory.dmp

Filesize
4KB

Download
memory/4680-4043-0x000000000B810000-0x000000000B811000-memory.dmp

Filesize
4KB

Download
memory/4680-4025-0x000000000B7E0000-0x000000000B7E1000-memory.dmp

Filesize
4KB

Download
memory/4680-4023-0x000000000B7E0000-0x000000000B7E1000-memory.dmp

Filesize
4KB

Download
memory/4680-4022-0x000000000B7E0000-0x000000000B7E1000-memory.dmp

Filesize
4KB

Download
memory/4680-4021-0x000000000B7E0000-0x000000000B7E1000-memory.dmp

Filesize
4KB

Download
memory/4680-4020-0x000000000B7E0000-0x000000000B7E1000-memory.dmp

Filesize
4KB

Download
memory/4680-4019-0x000000000B7E0000-0x000000000B7E1000-memory.dmp

Filesize
4KB

Download
memory/4680-4018-0x000000000B7E0000-0x000000000B7E1000-memory.dmp

Filesize
4KB

Download
memory/4680-4016-0x000000000B7E0000-0x000000000B7E1000-memory.dmp

Filesize
4KB

Download
memory/4680-4015-0x000000000B7E0000-0x000000000B7E1000-memory.dmp

Filesize
4KB

Download
memory/4680-4014-0x000000000B7E0000-0x000000000B7E1000-memory.dmp

Filesize
4KB

Download
memory/4680-4045-0x000000000B810000-0x000000000B811000-memory.dmp

Filesize
4KB

Download
memory/4680-4011-0x000000000ABD0000-0x000000000ABD1000-memory.dmp

Filesize
4KB

Download
memory/4680-4005-0x000000000ABD0000-0x000000000ABD1000-memory.dmp

Filesize
4KB

Download
memory/4680-4004-0x000000000ABD0000-0x000000000ABD1000-memory.dmp

Filesize
4KB

Download
memory/4680-4003-0x000000000ABD0000-0x000000000ABD1000-memory.dmp

Filesize
4KB

Download
memory/4680-4002-0x000000000ABD0000-0x000000000ABD1000-memory.dmp

Filesize
4KB

Download
memory/4680-4001-0x000000000ABD0000-0x000000000ABD1000-memory.dmp

Filesize
4KB

Download
memory/4680-4000-0x000000000ABD0000-0x000000000ABD1000-memory.dmp

Filesize
4KB

Download
memory/4680-3999-0x000000000ABD0000-0x000000000ABD1000-memory.dmp

Filesize
4KB

Download
memory/4680-3998-0x000000000ABD0000-0x000000000ABD1000-memory.dmp

Filesize
4KB

Download
memory/4680-3997-0x000000000ABD0000-0x000000000ABD1000-memory.dmp

Filesize
4KB

Download
memory/4680-3996-0x000000000ABD0000-0x000000000ABD1000-memory.dmp

Filesize
4KB

Download
memory/4680-4017-0x000000000B7E0000-0x000000000B7E1000-memory.dmp

Filesize
4KB

Download
memory/4680-4013-0x000000000B7E0000-0x000000000B7E1000-memory.dmp

Filesize
4KB

Download
memory/4680-4006-0x000000000ABD0000-0x000000000ABD1000-memory.dmp

Filesize
4KB

Download
memory/4680-4008-0x000000000B7E0000-0x000000000B7E1000-memory.dmp

Filesize
4KB

Download
memory/4680-4009-0x000000000B7E0000-0x000000000B7E1000-memory.dmp

Filesize
4KB

Download
memory/4680-4010-0x000000000B7E0000-0x000000000B7E1000-memory.dmp

Filesize
4KB

Download
memory/4680-3992-0x000000000ABD0000-0x000000000ABD1000-memory.dmp

Filesize
4KB

Download
memory/4680-3990-0x00000000058C0000-0x00000000058C1000-memory.dmp

Filesize
4KB

Download
memory/4680-3989-0x00000000058C0000-0x00000000058C1000-memory.dmp

Filesize
4KB

Download
memory/4680-3988-0x00000000058C0000-0x00000000058C1000-memory.dmp

Filesize
4KB

Download
memory/4680-3987-0x00000000058C0000-0x00000000058C1000-memory.dmp

Filesize
4KB

Download
memory/4680-3986-0x00000000058C0000-0x00000000058C1000-memory.dmp

Filesize
4KB

Download
memory/4680-3976-0x0000000004140000-0x0000000004580000-memory.dmp

Filesize
4.2MB

Download
memory/4680-3978-0x0000000004580000-0x0000000004780000-memory.dmp

Filesize
2.0MB

Download
memory/4680-3995-0x000000000ABD0000-0x000000000ABD1000-memory.dmp

Filesize
4KB

Download
memory/4680-3994-0x000000000ABD0000-0x000000000ABD1000-memory.dmp

Filesize
4KB

Download
memory/4680-3993-0x000000000ABD0000-0x000000000ABD1000-memory.dmp

Filesize
4KB

Download