Overview

overview

7

Static

static

3

Stremio+4.4.168.exe

windows7-x64

7

Stremio+4.4.168.exe

windows10-2004-x64

7

QtQuick/Co...in.dll

windows7-x64

3

QtQuick/Co...in.dll

windows10-2004-x64

3

QtQuick/Co...in.dll

windows7-x64

3

QtQuick/Co...in.dll

windows10-2004-x64

3

QtQuick/Co...in.dll

windows7-x64

3

QtQuick/Co...in.dll

windows10-2004-x64

3

QtQuick/Co...dar.js

windows7-x64

3

QtQuick/Co...dar.js

windows10-2004-x64

3

QtQuick/Co...Box.js

windows7-x64

3

QtQuick/Co...Box.js

windows10-2004-x64

3

QtQuick/Co...enu.js

windows7-x64

3

QtQuick/Co...enu.js

windows10-2004-x64

3

QtQuick/Co...Bar.js

windows7-x64

3

QtQuick/Co...Bar.js

windows10-2004-x64

3

QtQuick/Co...iew.js

windows7-x64

3

QtQuick/Co...iew.js

windows10-2004-x64

3

QtQuick/Co...del.js

windows7-x64

3

QtQuick/Co...del.js

windows10-2004-x64

3

QtQuick/Co...ils.js

windows7-x64

3

QtQuick/Co...ils.js

windows10-2004-x64

3

QtQuick/Co...ent.js

windows7-x64

3

QtQuick/Co...ent.js

windows10-2004-x64

3

QtQuick/Co...tem.js

windows7-x64

3

QtQuick/Co...tem.js

windows10-2004-x64

3

QtQuick/Co...nu.vbs

windows7-x64

1

QtQuick/Co...nu.vbs

windows10-2004-x64

1

QtQuick/Co...se.vbs

windows7-x64

1

QtQuick/Co...se.vbs

windows10-2004-x64

1

QtQuick/Co...low.js

windows7-x64

3

QtQuick/Co...low.js

windows10-2004-x64

3

Analysis

  • max time kernel
    150s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/11/2024, 14:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Stremio+4.4.168.exe

  • Size

    112.9MB

  • MD5

    763b10b7a9293ccc9307b650a01db702

  • SHA1

    b033764307a4df6cc81c654467630f2df67297ef

  • SHA256

    44ecc6a7624b2fdf03cb9b419f111892515fb036fe23f88e51456dce69066046

  • SHA512

    f6f8d0a78cfaa2c440567fc0e636ab6129c495991f679c93ae0b7e211d9e290e7d4628891fef35f0383662bc2237e21410dd849f1d6074a8994dfd8deeee5e0c

  • SSDEEP

    3145728:XddpqKUfzM8/I/6Uj2jDxXz8sGd1TiDlSugSbc+cYOsNCO1JTN:tdoK18wiucDZxG7TOlS/SI+JNCO19N

Score
7/10
discoveryspywarestealer

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 13 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 27 IoCs
  • Loads dropped DLL 64 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 12 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 16 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 27 IoCs
  • Modifies system certificate store 2 TTPs 3 IoCs
    evasionspywaretrojan
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 9 IoCs
  • Suspicious use of FindShellTrayWindow 5 IoCs
  • Suspicious use of SendNotifyMessage 5 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Stremio+4.4.168.exe
    "C:\Users\Admin\AppData\Local\Temp\Stremio+4.4.168.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3816
    • C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\stremio.exe
      "C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\stremio.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:652
      • C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\stremio-runtime.exe
        C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\stremio-runtime.exe C:/Users/Admin/AppData/Local/Programs/LNV/Stremio-4/server.js
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:1572
        • C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\ffprobe.exe
          C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\ffprobe.exe -show_entries "stream=index,bit_rate,max_bit_rate,codec_type,codec_name,start_time,start_pts,r_frame_rate,sample_rate,channels,channel_layout,time_base,has_b_frames,nb_frames,width,height,color_space,color_transfer,color_primaries,codec_tag_string : stream_tags=title,language,duration,bps,number_of_bytes : format=format_name,duration,bit_rate,max_bit_rate" -print_format json http://127.0.0.1:11470/samples/hevc.mkv
          4⤵
          • Executes dropped EXE
          PID:4288
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 1572 -s 1116
          4⤵
          • Program crash
          PID:4448
      • C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\QtWebEngineProcess.exe
        "C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\QtWebEngineProcess.exe" --type=renderer --autoplay-policy=no-user-gesture-required --disable-speech-api --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations,TracingServiceInProcess --disable-features=BackgroundFetch,ConsolidatedMovementXY,DnsOverHttpsUpgrade,FormControlsRefresh,MojoVideoCapture,PictureInPicture,SmsReceiver,UseSkiaRenderer,WebPayments,WebUSB --disable-gpu-compositing --lang=en-US --webengine-schemes=qrc:sLV --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=2 --mojo-platform-channel-handle=3116 /prefetch:1
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        PID:4396
      • C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\QtWebEngineProcess.exe
        "C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\QtWebEngineProcess.exe" --type=utility --enable-features=AllowContentInitiatedDataUrlNavigations,TracingServiceInProcess --disable-features=BackgroundFetch,ConsolidatedMovementXY,DnsOverHttpsUpgrade,FormControlsRefresh,MojoVideoCapture,PictureInPicture,SmsReceiver,UseSkiaRenderer,WebPayments,WebUSB --lang=en-US --service-sandbox-type=network --application-name=Stremio --webengine-schemes=qrc:sLV --mojo-platform-channel-handle=3160 /prefetch:8
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Modifies system certificate store
        • Suspicious behavior: EnumeratesProcesses
        PID:208
      • C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\stremio-runtime.exe
        C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\stremio-runtime.exe C:/Users/Admin/AppData/Local/Programs/LNV/Stremio-4/server.js
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:3316
        • C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\ffprobe.exe
          C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\ffprobe.exe -show_entries "stream=index,bit_rate,max_bit_rate,codec_type,codec_name,start_time,start_pts,r_frame_rate,sample_rate,channels,channel_layout,time_base,has_b_frames,nb_frames,width,height,color_space,color_transfer,color_primaries,codec_tag_string : stream_tags=title,language,duration,bps,number_of_bytes : format=format_name,duration,bit_rate,max_bit_rate" -print_format json http://127.0.0.1:11470/samples/hevc.mkv
          4⤵
          • Executes dropped EXE
          PID:1656
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 3316 -s 1100
          4⤵
          • Program crash
          PID:4612
      • C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\stremio-runtime.exe
        C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\stremio-runtime.exe C:/Users/Admin/AppData/Local/Programs/LNV/Stremio-4/server.js
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:3832
        • C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\ffprobe.exe
          C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\ffprobe.exe -show_entries "stream=index,bit_rate,max_bit_rate,codec_type,codec_name,start_time,start_pts,r_frame_rate,sample_rate,channels,channel_layout,time_base,has_b_frames,nb_frames,width,height,color_space,color_transfer,color_primaries,codec_tag_string : stream_tags=title,language,duration,bps,number_of_bytes : format=format_name,duration,bit_rate,max_bit_rate" -print_format json http://127.0.0.1:11470/samples/hevc.mkv
          4⤵
          • Executes dropped EXE
          PID:1600
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 1092
          4⤵
          • Program crash
          PID:852
      • C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\stremio-runtime.exe
        C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\stremio-runtime.exe C:/Users/Admin/AppData/Local/Programs/LNV/Stremio-4/server.js
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:1840
        • C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\ffprobe.exe
          C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\ffprobe.exe -show_entries "stream=index,bit_rate,max_bit_rate,codec_type,codec_name,start_time,start_pts,r_frame_rate,sample_rate,channels,channel_layout,time_base,has_b_frames,nb_frames,width,height,color_space,color_transfer,color_primaries,codec_tag_string : stream_tags=title,language,duration,bps,number_of_bytes : format=format_name,duration,bit_rate,max_bit_rate" -print_format json http://127.0.0.1:11470/samples/hevc.mkv
          4⤵
          • Executes dropped EXE
          PID:2772
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 1840 -s 1100
          4⤵
          • Program crash
          PID:2680
      • C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\stremio-runtime.exe
        C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\stremio-runtime.exe C:/Users/Admin/AppData/Local/Programs/LNV/Stremio-4/server.js
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:4816
        • C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\ffprobe.exe
          C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\ffprobe.exe -show_entries "stream=index,bit_rate,max_bit_rate,codec_type,codec_name,start_time,start_pts,r_frame_rate,sample_rate,channels,channel_layout,time_base,has_b_frames,nb_frames,width,height,color_space,color_transfer,color_primaries,codec_tag_string : stream_tags=title,language,duration,bps,number_of_bytes : format=format_name,duration,bit_rate,max_bit_rate" -print_format json http://127.0.0.1:11470/samples/hevc.mkv
          4⤵
          • Executes dropped EXE
          PID:1460
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 4816 -s 1096
          4⤵
          • Program crash
          PID:2304
      • C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\stremio-runtime.exe
        C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\stremio-runtime.exe C:/Users/Admin/AppData/Local/Programs/LNV/Stremio-4/server.js
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:3316
        • C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\ffprobe.exe
          C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\ffprobe.exe -show_entries "stream=index,bit_rate,max_bit_rate,codec_type,codec_name,start_time,start_pts,r_frame_rate,sample_rate,channels,channel_layout,time_base,has_b_frames,nb_frames,width,height,color_space,color_transfer,color_primaries,codec_tag_string : stream_tags=title,language,duration,bps,number_of_bytes : format=format_name,duration,bit_rate,max_bit_rate" -print_format json http://127.0.0.1:11470/samples/hevc.mkv
          4⤵
          • Executes dropped EXE
          PID:2584
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 3316 -s 1092
          4⤵
          • Program crash
          PID:4620
      • C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\stremio-runtime.exe
        C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\stremio-runtime.exe C:/Users/Admin/AppData/Local/Programs/LNV/Stremio-4/server.js
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:3832
        • C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\ffprobe.exe
          C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\ffprobe.exe -show_entries "stream=index,bit_rate,max_bit_rate,codec_type,codec_name,start_time,start_pts,r_frame_rate,sample_rate,channels,channel_layout,time_base,has_b_frames,nb_frames,width,height,color_space,color_transfer,color_primaries,codec_tag_string : stream_tags=title,language,duration,bps,number_of_bytes : format=format_name,duration,bit_rate,max_bit_rate" -print_format json http://127.0.0.1:11470/samples/hevc.mkv
          4⤵
          • Executes dropped EXE
          PID:3676
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 1088
          4⤵
          • Program crash
          PID:1936
      • C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\stremio-runtime.exe
        C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\stremio-runtime.exe C:/Users/Admin/AppData/Local/Programs/LNV/Stremio-4/server.js
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:2632
        • C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\ffprobe.exe
          C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\ffprobe.exe -show_entries "stream=index,bit_rate,max_bit_rate,codec_type,codec_name,start_time,start_pts,r_frame_rate,sample_rate,channels,channel_layout,time_base,has_b_frames,nb_frames,width,height,color_space,color_transfer,color_primaries,codec_tag_string : stream_tags=title,language,duration,bps,number_of_bytes : format=format_name,duration,bit_rate,max_bit_rate" -print_format json http://127.0.0.1:11470/samples/hevc.mkv
          4⤵
          • Executes dropped EXE
          PID:432
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 1084
          4⤵
          • Program crash
          PID:3580
      • C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\stremio-runtime.exe
        C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\stremio-runtime.exe C:/Users/Admin/AppData/Local/Programs/LNV/Stremio-4/server.js
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:4728
        • C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\ffprobe.exe
          C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\ffprobe.exe -show_entries "stream=index,bit_rate,max_bit_rate,codec_type,codec_name,start_time,start_pts,r_frame_rate,sample_rate,channels,channel_layout,time_base,has_b_frames,nb_frames,width,height,color_space,color_transfer,color_primaries,codec_tag_string : stream_tags=title,language,duration,bps,number_of_bytes : format=format_name,duration,bit_rate,max_bit_rate" -print_format json http://127.0.0.1:11470/samples/hevc.mkv
          4⤵
          • Executes dropped EXE
          PID:1468
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 4728 -s 1084
          4⤵
          • Program crash
          PID:1672
      • C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\stremio-runtime.exe
        C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\stremio-runtime.exe C:/Users/Admin/AppData/Local/Programs/LNV/Stremio-4/server.js
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:2352
        • C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\ffprobe.exe
          C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\ffprobe.exe -show_entries "stream=index,bit_rate,max_bit_rate,codec_type,codec_name,start_time,start_pts,r_frame_rate,sample_rate,channels,channel_layout,time_base,has_b_frames,nb_frames,width,height,color_space,color_transfer,color_primaries,codec_tag_string : stream_tags=title,language,duration,bps,number_of_bytes : format=format_name,duration,bit_rate,max_bit_rate" -print_format json http://127.0.0.1:11470/samples/hevc.mkv
          4⤵
          • Executes dropped EXE
          PID:3132
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 2352 -s 1088
          4⤵
          • Program crash
          PID:4144
      • C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\stremio-runtime.exe
        C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\stremio-runtime.exe C:/Users/Admin/AppData/Local/Programs/LNV/Stremio-4/server.js
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:936
        • C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\ffprobe.exe
          C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\ffprobe.exe -show_entries "stream=index,bit_rate,max_bit_rate,codec_type,codec_name,start_time,start_pts,r_frame_rate,sample_rate,channels,channel_layout,time_base,has_b_frames,nb_frames,width,height,color_space,color_transfer,color_primaries,codec_tag_string : stream_tags=title,language,duration,bps,number_of_bytes : format=format_name,duration,bit_rate,max_bit_rate" -print_format json http://127.0.0.1:11470/samples/hevc.mkv
          4⤵
          • Executes dropped EXE
          PID:5036
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 936 -s 1108
          4⤵
          • Program crash
          PID:1588
      • C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\stremio-runtime.exe
        C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\stremio-runtime.exe C:/Users/Admin/AppData/Local/Programs/LNV/Stremio-4/server.js
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:3208
        • C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\ffprobe.exe
          C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\ffprobe.exe -show_entries "stream=index,bit_rate,max_bit_rate,codec_type,codec_name,start_time,start_pts,r_frame_rate,sample_rate,channels,channel_layout,time_base,has_b_frames,nb_frames,width,height,color_space,color_transfer,color_primaries,codec_tag_string : stream_tags=title,language,duration,bps,number_of_bytes : format=format_name,duration,bit_rate,max_bit_rate" -print_format json http://127.0.0.1:11470/samples/hevc.mkv
          4⤵
          • Executes dropped EXE
          PID:4148
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 3208 -s 1160
          4⤵
          • Program crash
          PID:4936
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 1572 -ip 1572
    1⤵
      PID:808
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 364 -p 3316 -ip 3316
      1⤵
        PID:3444
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 3832 -ip 3832
        1⤵
          PID:4448
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 1840 -ip 1840
          1⤵
            PID:2040
          • C:\Windows\SysWOW64\WerFault.exe
            C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4816 -ip 4816
            1⤵
              PID:2412
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 3316 -ip 3316
              1⤵
                PID:1600
              • C:\Windows\SysWOW64\WerFault.exe
                C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 3832 -ip 3832
                1⤵
                  PID:4336
                • C:\Windows\SysWOW64\WerFault.exe
                  C:\Windows\SysWOW64\WerFault.exe -pss -s 364 -p 2632 -ip 2632
                  1⤵
                    PID:4100
                  • C:\Windows\SysWOW64\WerFault.exe
                    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4728 -ip 4728
                    1⤵
                      PID:676
                    • C:\Windows\SysWOW64\WerFault.exe
                      C:\Windows\SysWOW64\WerFault.exe -pss -s 188 -p 2352 -ip 2352
                      1⤵
                        PID:1436
                      • C:\Windows\SysWOW64\WerFault.exe
                        C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 936 -ip 936
                        1⤵
                          PID:4076
                        • C:\Windows\SysWOW64\WerFault.exe
                          C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 3208 -ip 3208
                          1⤵
                            PID:1256

                          Network

                          MITRE ATT&CK Enterprise v15

                          Replay Monitor

                          Loading Replay Monitor...

                          Downloads

                          • C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\stremio-runtime.exe
                            Filesize

                            49.1MB

                            MD5

                            58a451f04d8da2f547edf753fbe03fdf

                            SHA1

                            dfe60e0de8f4f892fdd5719d7b9657ad232f7414

                            SHA256

                            2a9d34c190c8c639c2817a371cd8ab6e5d8c8f5d0c45b8c72fbb1d9d4c1e9227

                            SHA512

                            0580068222d415ac6cb1f48a236ce425a57cf860cd802bfd31e76a296d269b8d4b9dd174d5d88552616ed7c99c1e758b23c4f69fa5f23c522f1f312f1a8d3ca6

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Programs\LNV\Stremio-4\stremio.exe
                            Filesize

                            300KB

                            MD5

                            c0fbaeea5372c54a2f39716fcbc6afec

                            SHA1

                            e54790d82d0abdc75607fa0384bb886fc9b8027b

                            SHA256

                            cc7b6317d48368cb5791a1e95de5306b6152777b09758d14666d82f4b315dabd

                            SHA512

                            002aa47f5223eb113d3b2bfe1c88eb0ba588b1fc79465340b06c69dde1b897fef73c1f2540712ff22a658a6fe7b8bca4d2b6d4ec9c3d643838ff70275ebd8816

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Smart Code ltd\Stremio\QtWebEngine\Default\9486f5c4-41e9-4c0f-9f8e-53af2ab0dbab.tmp
                            Filesize

                            401B

                            MD5

                            cec770f6573c5da8ac8ce759d1439687

                            SHA1

                            7765f7083293c73f1e5e6fdae507eb3259059cbb

                            SHA256

                            9d51850ba920145b69aed1760a963bc78a2638b830e2f1e79dcc5fc985b5fd40

                            SHA512

                            bfb41c22524185b2905f371f04fb4b95667d8c258c4c628444fcff349b1960109ff11139e7479d1ac5e9965668503e2d49d14978de41d818e3f9d1ba67cb9c32

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Smart Code ltd\Stremio\QtWebEngine\Default\Local Storage\leveldb\CURRENT
                            Filesize

                            16B

                            MD5

                            46295cac801e5d4857d09837238a6394

                            SHA1

                            44e0fa1b517dbf802b18faf0785eeea6ac51594b

                            SHA256

                            0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                            SHA512

                            8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Smart Code ltd\Stremio\QtWebEngine\Default\Network Persistent State~RFe593a6f.TMP
                            Filesize

                            59B

                            MD5

                            2800881c775077e1c4b6e06bf4676de4

                            SHA1

                            2873631068c8b3b9495638c865915be822442c8b

                            SHA256

                            226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

                            SHA512

                            e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Smart Code ltd\Stremio\QtWebEngine\Default\Service Worker\CacheStorage\88fcf258722d55f5951a2da9c15b52822bdffa79\545e214a-ce53-40c3-aa49-d146b39e6c29\index-dir\temp-index
                            Filesize

                            72B

                            MD5

                            7cf6013a1a53f636a9c9a577133c6e85

                            SHA1

                            bdd9f82375a91a842a0a8905da7e72995b7e7e06

                            SHA256

                            4b987e7bafef4fb14004c3ff224a1b46745f2474de7dc859ff31bad79530c367

                            SHA512

                            9d432f5235929c4fd25c906c8946b9a8852816104f5f867823ea6f0de3b12be211eba09b0ab794fd1eb9f794a9584fa02a7d5a85f81c8ca7bcf1d0d95678ca69

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Smart Code ltd\Stremio\QtWebEngine\Default\Service Worker\CacheStorage\88fcf258722d55f5951a2da9c15b52822bdffa79\545e214a-ce53-40c3-aa49-d146b39e6c29\index-dir\the-real-index~RFe587dc6.TMP
                            Filesize

                            48B

                            MD5

                            42075a26c1ad354d09b90e2de0931bab

                            SHA1

                            9366a2b62eb94612705086930d9b261b075a2930

                            SHA256

                            cef9ebb1c9d7e3758f65778c49dd6e5e27784bfa6ffa3336d7cffd6d9ad3e9e7

                            SHA512

                            483c85647ebc33941b0bdb7960a3c24985a515355d08ed9d28c76775fbb93aafd7abf91d6705e734eeac291870cff1a1b9f69f11483b4994e41d83b6d693ada0

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Smart Code ltd\Stremio\QtWebEngine\Default\Service Worker\CacheStorage\88fcf258722d55f5951a2da9c15b52822bdffa79\index.txt
                            Filesize

                            106B

                            MD5

                            2280b7f723f2f3900ef3ace8b90ca0d0

                            SHA1

                            d413773991994ff67cb3a91b7370e1a261cadc09

                            SHA256

                            219ab78bf63d6cd414be4909b55106eeb03b74cf59bf68f9f64c2b4fdc02f3c6

                            SHA512

                            95b10515810c8c5e6892a111d51a1688d1823e378892c529717b4b9ec69b35ff04b30901ebed3a474ccbe6c3d9919ca4c593e199230cec02d318a16979296e8b

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Smart Code ltd\Stremio\QtWebEngine\Default\Service Worker\CacheStorage\88fcf258722d55f5951a2da9c15b52822bdffa79\index.txt.tmp
                            Filesize

                            101B

                            MD5

                            9a4301d72aecbfcb25461de14f52febf

                            SHA1

                            f1f743ca760a4b0974072e0636494909c3d19179

                            SHA256

                            60d993d0eee8f399f5b218bbd3dde74b5d5cf6920985ec3d9f06e422c7c1be31

                            SHA512

                            032206e23ad24582e8e638ed7fd8a835af0fccb99c03628d3fce40a99c4244f490c8b1c1cc7412975949b859df451b7294f013b6b833d6e8c933d6dd4a683b93

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Smart Code ltd\Stremio\QtWebEngine\Default\Service Worker\Database\MANIFEST-000001
                            Filesize

                            41B

                            MD5

                            5af87dfd673ba2115e2fcf5cfdb727ab

                            SHA1

                            d5b5bbf396dc291274584ef71f444f420b6056f1

                            SHA256

                            f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

                            SHA512

                            de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Smart Code ltd\Stremio\QtWebEngine\Default\Service Worker\ScriptCache\index-dir\temp-index
                            Filesize

                            72B

                            MD5

                            15771296eac30cad7433e48366b1b464

                            SHA1

                            c561db52a3c6a7480cb2cbb2e2df9b195c2d7f38

                            SHA256

                            6dc5a824103cfbe7f9bc85a4b1a6b76e8c9b198dda787267d754de0081c52258

                            SHA512

                            5e84269dbe07e4eceeb7d99ae581bfd804143701cfad05e816ac5f74e96d53748293837da4bdc6119a1bb9bf8f02d90215cb3b436b082b1084f2ff203bf12001

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Smart Code ltd\Stremio\QtWebEngine\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe587903.TMP
                            Filesize

                            48B

                            MD5

                            d259ef91730350bb1ba8ee80e31ff756

                            SHA1

                            071c38ec3f6956a91e7590ecd1d1d2099f317e53

                            SHA256

                            448ecd462fde7f0f482c343a5f0f1d6abed440b1edb70959306585deac1bf04d

                            SHA512

                            fc666b1411ef9fd03c910237f4a4c48b848dd0f2c578a44c87ae28c3ce4dfcf7b3e10b41e6898ef44b70a6c229c421edd0dbc616805f89be455392e718e61eda

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Temp\nspC42C.tmp\System.dll
                            Filesize

                            12KB

                            MD5

                            cff85c549d536f651d4fb8387f1976f2

                            SHA1

                            d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

                            SHA256

                            8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

                            SHA512

                            531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Temp\nspC42C.tmp\nsProcess.dll
                            Filesize

                            4KB

                            MD5

                            f0438a894f3a7e01a4aae8d1b5dd0289

                            SHA1

                            b058e3fcfb7b550041da16bf10d8837024c38bf6

                            SHA256

                            30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

                            SHA512

                            f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

                            Download Submit

                          • memory/652-4025-0x000000000B830000-0x000000000B831000-memory.dmp

                            Filesize

                            4KB

                            Download

                          • memory/652-4018-0x000000000B830000-0x000000000B831000-memory.dmp

                            Filesize

                            4KB

                            Download

                          • memory/652-4008-0x000000000B830000-0x000000000B831000-memory.dmp

                            Filesize

                            4KB

                            Download

                          • memory/652-4016-0x000000000B830000-0x000000000B831000-memory.dmp

                            Filesize

                            4KB

                            Download

                          • memory/652-4043-0x000000000B860000-0x000000000B861000-memory.dmp

                            Filesize

                            4KB

                            Download

                          • memory/652-4045-0x000000000B860000-0x000000000B861000-memory.dmp

                            Filesize

                            4KB

                            Download

                          • memory/652-4044-0x000000000B860000-0x000000000B861000-memory.dmp

                            Filesize

                            4KB

                            Download

                          • memory/652-4042-0x000000000B860000-0x000000000B861000-memory.dmp

                            Filesize

                            4KB

                            Download

                          • memory/652-4041-0x000000000B860000-0x000000000B861000-memory.dmp

                            Filesize

                            4KB

                            Download

                          • memory/652-4040-0x000000000B860000-0x000000000B861000-memory.dmp

                            Filesize

                            4KB

                            Download

                          • memory/652-4038-0x000000000B850000-0x000000000B851000-memory.dmp

                            Filesize

                            4KB

                            Download

                          • memory/652-4037-0x000000000B850000-0x000000000B851000-memory.dmp

                            Filesize

                            4KB

                            Download

                          • memory/652-4036-0x000000000B850000-0x000000000B851000-memory.dmp

                            Filesize

                            4KB

                            Download

                          • memory/652-4035-0x000000000B850000-0x000000000B851000-memory.dmp

                            Filesize

                            4KB

                            Download

                          • memory/652-4034-0x000000000B850000-0x000000000B851000-memory.dmp

                            Filesize

                            4KB

                            Download

                          • memory/652-4033-0x000000000B850000-0x000000000B851000-memory.dmp

                            Filesize

                            4KB

                            Download

                          • memory/652-4032-0x000000000B830000-0x000000000B831000-memory.dmp

                            Filesize

                            4KB

                            Download

                          • memory/652-4031-0x000000000B850000-0x000000000B851000-memory.dmp

                            Filesize

                            4KB

                            Download

                          • memory/652-4030-0x000000000B830000-0x000000000B831000-memory.dmp

                            Filesize

                            4KB

                            Download

                          • memory/652-4029-0x000000000B850000-0x000000000B851000-memory.dmp

                            Filesize

                            4KB

                            Download

                          • memory/652-4028-0x000000000B830000-0x000000000B831000-memory.dmp

                            Filesize

                            4KB

                            Download

                          • memory/652-4027-0x000000000B850000-0x000000000B851000-memory.dmp

                            Filesize

                            4KB

                            Download

                          • memory/652-4010-0x000000000B830000-0x000000000B831000-memory.dmp

                            Filesize

                            4KB

                            Download

                          • memory/652-4024-0x000000000B830000-0x000000000B831000-memory.dmp

                            Filesize

                            4KB

                            Download

                          • memory/652-4023-0x000000000B830000-0x000000000B831000-memory.dmp

                            Filesize

                            4KB

                            Download

                          • memory/652-4022-0x000000000B830000-0x000000000B831000-memory.dmp

                            Filesize

                            4KB

                            Download

                          • memory/652-4021-0x000000000B830000-0x000000000B831000-memory.dmp

                            Filesize

                            4KB

                            Download

                          • memory/652-4020-0x000000000B830000-0x000000000B831000-memory.dmp

                            Filesize

                            4KB

                            Download

                          • memory/652-4019-0x000000000B830000-0x000000000B831000-memory.dmp

                            Filesize

                            4KB

                            Download

                          • memory/652-4009-0x000000000B830000-0x000000000B831000-memory.dmp

                            Filesize

                            4KB

                            Download

                          • memory/652-4017-0x000000000B830000-0x000000000B831000-memory.dmp

                            Filesize

                            4KB

                            Download

                          • memory/652-4015-0x000000000B830000-0x000000000B831000-memory.dmp

                            Filesize

                            4KB

                            Download

                          • memory/652-4014-0x000000000B830000-0x000000000B831000-memory.dmp

                            Filesize

                            4KB

                            Download

                          • memory/652-4013-0x000000000B830000-0x000000000B831000-memory.dmp

                            Filesize

                            4KB

                            Download

                          • memory/652-4012-0x000000000B830000-0x000000000B831000-memory.dmp

                            Filesize

                            4KB

                            Download

                          • memory/652-4011-0x0000000008410000-0x0000000008411000-memory.dmp

                            Filesize

                            4KB

                            Download

                          • memory/652-4006-0x0000000008410000-0x0000000008411000-memory.dmp

                            Filesize

                            4KB

                            Download

                          • memory/652-4005-0x0000000008410000-0x0000000008411000-memory.dmp

                            Filesize

                            4KB

                            Download

                          • memory/652-4004-0x0000000008410000-0x0000000008411000-memory.dmp

                            Filesize

                            4KB

                            Download

                          • memory/652-4003-0x0000000008410000-0x0000000008411000-memory.dmp

                            Filesize

                            4KB

                            Download

                          • memory/652-4002-0x0000000008410000-0x0000000008411000-memory.dmp

                            Filesize

                            4KB

                            Download

                          • memory/652-4001-0x0000000008410000-0x0000000008411000-memory.dmp

                            Filesize

                            4KB

                            Download

                          • memory/652-4000-0x0000000008410000-0x0000000008411000-memory.dmp

                            Filesize

                            4KB

                            Download

                          • memory/652-3999-0x0000000008410000-0x0000000008411000-memory.dmp

                            Filesize

                            4KB

                            Download

                          • memory/652-3998-0x0000000008410000-0x0000000008411000-memory.dmp

                            Filesize

                            4KB

                            Download

                          • memory/652-3997-0x0000000008410000-0x0000000008411000-memory.dmp

                            Filesize

                            4KB

                            Download

                          • memory/652-3996-0x0000000008410000-0x0000000008411000-memory.dmp

                            Filesize

                            4KB

                            Download

                          • memory/652-3992-0x0000000008410000-0x0000000008411000-memory.dmp

                            Filesize

                            4KB

                            Download

                          • memory/652-3986-0x0000000005D10000-0x0000000005D11000-memory.dmp

                            Filesize

                            4KB

                            Download

                          • memory/652-3987-0x0000000005D10000-0x0000000005D11000-memory.dmp

                            Filesize

                            4KB

                            Download

                          • memory/652-3988-0x0000000005D10000-0x0000000005D11000-memory.dmp

                            Filesize

                            4KB

                            Download

                          • memory/652-3989-0x0000000005D10000-0x0000000005D11000-memory.dmp

                            Filesize

                            4KB

                            Download

                          • memory/652-3990-0x0000000005D10000-0x0000000005D11000-memory.dmp

                            Filesize

                            4KB

                            Download

                          • memory/652-3978-0x00000000046D0000-0x00000000048D0000-memory.dmp

                            Filesize

                            2.0MB

                            Download

                          • memory/652-3976-0x0000000004290000-0x00000000046D0000-memory.dmp

                            Filesize

                            4.2MB

                            Download

                          • memory/652-3995-0x0000000008410000-0x0000000008411000-memory.dmp

                            Filesize

                            4KB

                            Download

                          • memory/652-3994-0x0000000008410000-0x0000000008411000-memory.dmp

                            Filesize

                            4KB

                            Download

                          • memory/652-3993-0x0000000008410000-0x0000000008411000-memory.dmp

                            Filesize

                            4KB

                            Download