c61ecd976b087abf7eba06ba7d8fc9767f3b2bffe79a3952ac8f9c8b1bb0be64

Analysis

max time kernel
570s
max time network
572s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
30-11-2024 11:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

IPTViewr_Movistar+_1-5_beta-1-sp1a_es-es.msi
Size

28.9MB
MD5

7172472c9a8e578dc6b8310601cbc646
SHA1

712976528526ad2c3c9bf82b7939abe652ad7962
SHA256

c61ecd976b087abf7eba06ba7d8fc9767f3b2bffe79a3952ac8f9c8b1bb0be64
SHA512

4a40bd0268399bc3e1a7232550de69b310d967e81941e279c453fc3d47cb4691aaa522805a6ef08a12c9747ec4e283aeee2b09245717a8c5a47df9fb1fd0a04d
SSDEEP

393216:FLb7VqFnDYiFbWptlSPdJ1Zp9O71CeEHL/yEeEEszszuomY05LsW1IK18dZdu0JS:BVch2CdJ1ZOCNH73NHhYDWmz80

Score

6^/10

microsoft discovery persistence phishing privilege_escalation

Malware Config

Signatures

Blocklisted process makes network request 3 IoCs

flow	pid	Process
4	400	msiexec.exe
6	400	msiexec.exe
8	400	msiexec.exe

Downloads MZ/PE file

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe

Detected potential entity reuse from brand MICROSOFT.
phishing microsoft
Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Detected phishing page
phishing

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libvoc_plugin.dll	vlc-3.0.21-win64.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libcaca_plugin.dll	vlc-3.0.21-win64.exe
File created	C:\Program Files\VideoLAN\VLC\locale\gd\LC_MESSAGES\vlc.mo	vlc-3.0.21-win64.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ky\LC_MESSAGES\vlc.mo	vlc-3.0.21-win64.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\ach\LC_MESSAGES\vlc.mo	vlc-3.0.21-win64.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\requests\vlm.xml	vlc-3.0.21-win64.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\nn\	vlc-3.0.21-win64.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\codec\libstl_plugin.dll	vlc-3.0.21-win64.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\codec\libvpx_plugin.dll	vlc-3.0.21-win64.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\images\	vlc-3.0.21-win64.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libscaletempo_pitch_plugin.dll	vlc-3.0.21-win64.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libplaylist_plugin.dll	vlc-3.0.21-win64.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libhds_plugin.dll	vlc-3.0.21-win64.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_display_plugin.dll	vlc-3.0.21-win64.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libdirect3d9_plugin.dll	vlc-3.0.21-win64.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libskiptags_plugin.dll	vlc-3.0.21-win64.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\video_output\libglwin32_plugin.dll	vlc-3.0.21-win64.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\playlist\dailymotion.luac	vlc-3.0.21-win64.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\dumpmeta.luac	vlc-3.0.21-win64.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\video_output\libglinterop_dxva2_plugin.dll	vlc-3.0.21-win64.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libsubstx3g_plugin.dll	vlc-3.0.21-win64.exe
File created	C:\Program Files\VideoLAN\VLC\locale\fur\LC_MESSAGES\vlc.mo	vlc-3.0.21-win64.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ne\LC_MESSAGES\vlc.mo	vlc-3.0.21-win64.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\codec\libwebvtt_plugin.dll	vlc-3.0.21-win64.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\demux\libadaptive_plugin.dll	vlc-3.0.21-win64.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libcache_read_plugin.dll	vlc-3.0.21-win64.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\stream_extractor\	vlc-3.0.21-win64.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libbluray-j2se-1.3.2.jar	vlc-3.0.21-win64.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\text_renderer\libtdummy_plugin.dll	vlc-3.0.21-win64.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_diagonals-thick_20_666666_40x40.png	vlc-3.0.21-win64.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_228ef1_256x240.png	vlc-3.0.21-win64.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\access\libdvdread_plugin.dll	vlc-3.0.21-win64.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libparam_eq_plugin.dll	vlc-3.0.21-win64.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\bg\LC_MESSAGES\vlc.mo	vlc-3.0.21-win64.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libgain_plugin.dll	vlc-3.0.21-win64.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_description_plugin.dll	vlc-3.0.21-win64.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_glass_100_fdf5ce_1x400.png	vlc-3.0.21-win64.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libequalizer_plugin.dll	vlc-3.0.21-win64.exe
File created	C:\Program Files\VideoLAN\VLC\locale\kk\LC_MESSAGES\vlc.mo	vlc-3.0.21-win64.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libball_plugin.dll	vlc-3.0.21-win64.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libfps_plugin.dll	vlc-3.0.21-win64.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libftp_plugin.dll	vlc-3.0.21-win64.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\intf\luac.luac	vlc-3.0.21-win64.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\tt\LC_MESSAGES\	vlc-3.0.21-win64.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libanaglyph_plugin.dll	vlc-3.0.21-win64.exe
File created	C:\Program Files\VideoLAN\VLC\locale\fr\LC_MESSAGES\vlc.mo	vlc-3.0.21-win64.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_chromecast_plugin.dll	vlc-3.0.21-win64.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_mmx_plugin.dll	vlc-3.0.21-win64.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libantiflicker_plugin.dll	vlc-3.0.21-win64.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\id\LC_MESSAGES\	vlc-3.0.21-win64.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libvobsub_plugin.dll	vlc-3.0.21-win64.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_dummy_plugin.dll	vlc-3.0.21-win64.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libtransform_plugin.dll	vlc-3.0.21-win64.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\access\libdcp_plugin.dll	vlc-3.0.21-win64.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libdolby_surround_decoder_plugin.dll	vlc-3.0.21-win64.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\el\	vlc-3.0.21-win64.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\kn\LC_MESSAGES\	vlc-3.0.21-win64.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libmft_plugin.dll	vlc-3.0.21-win64.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libnsc_plugin.dll	vlc-3.0.21-win64.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\meta_engine\libfolder_plugin.dll	vlc-3.0.21-win64.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_mmx_plugin.dll	vlc-3.0.21-win64.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\access\liblive555_plugin.dll	vlc-3.0.21-win64.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libmotionblur_plugin.dll	vlc-3.0.21-win64.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\es_MX\	vlc-3.0.21-win64.exe

Drops file in Windows directory 8 IoCs

description	ioc	Process
File created	C:\Windows\Installer\e57fd0f.msi	msiexec.exe
File created	C:\Windows\Installer\e57fd0d.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e57fd0d.msi	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{525CDE99-1EB0-4E7D-8C36-A4F148E82463}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI1066.tmp	msiexec.exe

Executes dropped EXE 7 IoCs

pid	Process
3172	FirstTimeConfig.exe
4676	vlc-3.0.21-win64.exe
3292	vlc-cache-gen.exe
2576	vlc.exe
888	IPTViewr.exe
1760	IPTViewr.exe
5000	FirstTimeConfig.exe

Loads dropped DLL 64 IoCs

pid	Process
4536	MsiExec.exe
4676	vlc-3.0.21-win64.exe
4676	vlc-3.0.21-win64.exe
4676	vlc-3.0.21-win64.exe
4676	vlc-3.0.21-win64.exe
4676	vlc-3.0.21-win64.exe
3292	vlc-cache-gen.exe
3292	vlc-cache-gen.exe
3292	vlc-cache-gen.exe
3292	vlc-cache-gen.exe
3292	vlc-cache-gen.exe
3292	vlc-cache-gen.exe
3292	vlc-cache-gen.exe
3292	vlc-cache-gen.exe
3292	vlc-cache-gen.exe
3292	vlc-cache-gen.exe
3292	vlc-cache-gen.exe
3292	vlc-cache-gen.exe
3292	vlc-cache-gen.exe
3292	vlc-cache-gen.exe
3292	vlc-cache-gen.exe
3292	vlc-cache-gen.exe
3292	vlc-cache-gen.exe
3292	vlc-cache-gen.exe
3292	vlc-cache-gen.exe
3292	vlc-cache-gen.exe
3292	vlc-cache-gen.exe
3292	vlc-cache-gen.exe
3292	vlc-cache-gen.exe
3292	vlc-cache-gen.exe
3292	vlc-cache-gen.exe
3292	vlc-cache-gen.exe
3292	vlc-cache-gen.exe
3292	vlc-cache-gen.exe
3292	vlc-cache-gen.exe
3292	vlc-cache-gen.exe
3292	vlc-cache-gen.exe
3292	vlc-cache-gen.exe
3292	vlc-cache-gen.exe
3292	vlc-cache-gen.exe
3292	vlc-cache-gen.exe
3292	vlc-cache-gen.exe
3292	vlc-cache-gen.exe
3292	vlc-cache-gen.exe
3292	vlc-cache-gen.exe
3292	vlc-cache-gen.exe
3292	vlc-cache-gen.exe
3292	vlc-cache-gen.exe
3292	vlc-cache-gen.exe
3292	vlc-cache-gen.exe
3292	vlc-cache-gen.exe
3292	vlc-cache-gen.exe
3292	vlc-cache-gen.exe
3292	vlc-cache-gen.exe
3292	vlc-cache-gen.exe
3292	vlc-cache-gen.exe
3292	vlc-cache-gen.exe
3292	vlc-cache-gen.exe
3292	vlc-cache-gen.exe
3292	vlc-cache-gen.exe
3292	vlc-cache-gen.exe
3292	vlc-cache-gen.exe
3292	vlc-cache-gen.exe
3292	vlc-cache-gen.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Event Triggered Execution: Installer Packages 2 TTPs 1 IoCs

persistence privilege_escalation

Installer Packages

T1546.016

Msiexec

T1218.007

pid	Process
400	msiexec.exe

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsgBox.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vlc-3.0.21-win64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe

Checks SCSI registry key(s) 3 TTPs 5 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 00000000040000001d4141155d34ac580000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff0000000027010100000800001d4141150000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff0000000007000100006809001d414115000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1d1d414115000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000001d41411500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133774395430932494"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VLC.m2t\shell\PlayWithVLC\ = "Play with VLC media player"	vlc-3.0.21-win64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VLC.rec\shell\AddToPlaylistVLC\command	vlc-3.0.21-win64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VLC.xspf\shell\AddToPlaylistVLC\command\ = "\"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe\" --started-from-file --playlist-enqueue \"%1\""	vlc-3.0.21-win64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VLC.3ga	vlc-3.0.21-win64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VLC.asf\shell\Open\ = "Play"	vlc-3.0.21-win64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VLC.dv\shell\PlayWithVLC	vlc-3.0.21-win64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VLC.cda\shell\Open\command\ = "\"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe\" --started-from-file \"%1\""	vlc-3.0.21-win64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VLC.vlt\ = "VLC skin file (.vlt)"	vlc-3.0.21-win64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VLC.dv\shell\PlayWithVLC\ = "Play with VLC media player"	vlc-3.0.21-win64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VLC.dvr-ms\shell\PlayWithVLC	vlc-3.0.21-win64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VLC.nuv\shell\Open\command	vlc-3.0.21-win64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VLC.b4s\DefaultIcon	vlc-3.0.21-win64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VLC.vlc\shell\PlayWithVLC\command\ = "\"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe\" --started-from-file --no-playlist-enqueue \"%1\""	vlc-3.0.21-win64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VLC.mpg\shell	vlc-3.0.21-win64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VLC.DVDMovie\DefaultIcon	vlc-3.0.21-win64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VLC.dav\shell\PlayWithVLC\ = "Play with VLC media player"	vlc-3.0.21-win64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VLC.Bluray\shell	vlc-3.0.21-win64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VLC.dts\shell\PlayWithVLC\ = "Play with VLC media player"	vlc-3.0.21-win64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{796A2C2D-5B11-4FB5-9077-56D5E674972B}\TypeLib\ = "{DF2BBE39-40A8-433B-A279-073F48DA94B6}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VLC.aiff\shell\PlayWithVLC\command\ = "\"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe\" --started-from-file --no-playlist-enqueue \"%1\""	vlc-3.0.21-win64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VLC.mlp\shell\ = "Open"	vlc-3.0.21-win64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VLC.voc	vlc-3.0.21-win64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VLC.3gp\shell\AddToPlaylistVLC\Icon = "\"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe\",0"	vlc-3.0.21-win64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VLC.mpc\shell\PlayWithVLC\Icon = "\"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe\",0"	vlc-3.0.21-win64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VLC.aifc	vlc-3.0.21-win64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{465E787A-0556-452F-9477-954E4A940003}\TypeLib\ = "{DF2BBE39-40A8-433B-A279-073F48DA94B6}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VLC.tts\shell\PlayWithVLC\ = "Play with VLC media player"	vlc-3.0.21-win64.exe
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\.m1v	vlc-3.0.21-win64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.vlc\ = "VLC.vlc"	vlc-3.0.21-win64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VLC.mpeg4\shell\AddToPlaylistVLC\command	vlc-3.0.21-win64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VLC.ogg\shell\PlayWithVLC	vlc-3.0.21-win64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VLC.aob\DefaultIcon	vlc-3.0.21-win64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{54613049-40BF-4035-9E70-0A9312C0188D}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\.adts	vlc-3.0.21-win64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VLC.caf\shell\PlayWithVLC\Icon = "\"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe\",0"	vlc-3.0.21-win64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VLC.gxf\shell\AddToPlaylistVLC	vlc-3.0.21-win64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VLC.mpeg4\shell\PlayWithVLC\command	vlc-3.0.21-win64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VLC.webm\shell\AddToPlaylistVLC\command\ = "\"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe\" --started-from-file --playlist-enqueue \"%1\""	vlc-3.0.21-win64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VLC.mpe\shell\Open\ = "Play"	vlc-3.0.21-win64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{DF2BBE39-40A8-433B-A279-073F48DA94B6}\1.0\FLAGS	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VLC.m2t\shell\PlayWithVLC	vlc-3.0.21-win64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VLC.m3u8\shell\Open\command\ = "\"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe\" --started-from-file \"%1\""	vlc-3.0.21-win64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B5DEF5A1-FFB6-4E68-B3D8-A12AC60FDA54}\TypeLib\ = "{DF2BBE39-40A8-433B-A279-073F48DA94B6}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VLC.mp2v\shell\PlayWithVLC\MultiSelectModel = "Player"	vlc-3.0.21-win64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VLC.m4v\shell\Open\ = "Play"	vlc-3.0.21-win64.exe
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\.mpeg	vlc-3.0.21-win64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VLC.mpeg4\shell\AddToPlaylistVLC\ = "Add to VLC media player's Playlist"	vlc-3.0.21-win64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VLC.ifo\shell\PlayWithVLC\Icon = "\"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe\",0"	vlc-3.0.21-win64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VLC.oga\shell\ = "Open"	vlc-3.0.21-win64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VLC.m2ts\shell\AddToPlaylistVLC\command\ = "\"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe\" --started-from-file --playlist-enqueue \"%1\""	vlc-3.0.21-win64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0AAEDF0B-D333-4B27-A0C6-BBF31413A42E}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VLC.rmi\shell\PlayWithVLC	vlc-3.0.21-win64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{DF2BBE39-40A8-433B-A279-073F48DA94B6}\1.0\0	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{49E0DBD1-9440-466C-9C97-95C67190C603}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VLC.dv\shell\Open\ = "Play"	vlc-3.0.21-win64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VLC.caf\shell\AddToPlaylistVLC\command\ = "\"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe\" --started-from-file --playlist-enqueue \"%1\""	vlc-3.0.21-win64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VLC.3gp2\shell\AddToPlaylistVLC\command\ = "\"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe\" --started-from-file --playlist-enqueue \"%1\""	vlc-3.0.21-win64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VLC.m3u\shell\PlayWithVLC	vlc-3.0.21-win64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VLC.aifc\shell\ = "Open"	vlc-3.0.21-win64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VLC.amv\shell\Open	vlc-3.0.21-win64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VLC.mp3\shell\PlayWithVLC\Icon = "\"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe\",0"	vlc-3.0.21-win64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VLC.mpeg\shell\Open\command	vlc-3.0.21-win64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VLC.flac\shell\PlayWithVLC	vlc-3.0.21-win64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VLC.tts\shell\PlayWithVLC	vlc-3.0.21-win64.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2576	vlc.exe

Suspicious behavior: EnumeratesProcesses 13 IoCs

pid	Process
2392	msiexec.exe
2392	msiexec.exe
1000	chrome.exe
1000	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4676	vlc-3.0.21-win64.exe
4676	vlc-3.0.21-win64.exe
4676	vlc-3.0.21-win64.exe
4676	vlc-3.0.21-win64.exe
4676	vlc-3.0.21-win64.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2576	vlc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 25 IoCs

pid	Process
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	400	msiexec.exe
Token: SeIncreaseQuotaPrivilege	400	msiexec.exe
Token: SeSecurityPrivilege	2392	msiexec.exe
Token: SeCreateTokenPrivilege	400	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	400	msiexec.exe
Token: SeLockMemoryPrivilege	400	msiexec.exe
Token: SeIncreaseQuotaPrivilege	400	msiexec.exe
Token: SeMachineAccountPrivilege	400	msiexec.exe
Token: SeTcbPrivilege	400	msiexec.exe
Token: SeSecurityPrivilege	400	msiexec.exe
Token: SeTakeOwnershipPrivilege	400	msiexec.exe
Token: SeLoadDriverPrivilege	400	msiexec.exe
Token: SeSystemProfilePrivilege	400	msiexec.exe
Token: SeSystemtimePrivilege	400	msiexec.exe
Token: SeProfSingleProcessPrivilege	400	msiexec.exe
Token: SeIncBasePriorityPrivilege	400	msiexec.exe
Token: SeCreatePagefilePrivilege	400	msiexec.exe
Token: SeCreatePermanentPrivilege	400	msiexec.exe
Token: SeBackupPrivilege	400	msiexec.exe
Token: SeRestorePrivilege	400	msiexec.exe
Token: SeShutdownPrivilege	400	msiexec.exe
Token: SeDebugPrivilege	400	msiexec.exe
Token: SeAuditPrivilege	400	msiexec.exe
Token: SeSystemEnvironmentPrivilege	400	msiexec.exe
Token: SeChangeNotifyPrivilege	400	msiexec.exe
Token: SeRemoteShutdownPrivilege	400	msiexec.exe
Token: SeUndockPrivilege	400	msiexec.exe
Token: SeSyncAgentPrivilege	400	msiexec.exe
Token: SeEnableDelegationPrivilege	400	msiexec.exe
Token: SeManageVolumePrivilege	400	msiexec.exe
Token: SeImpersonatePrivilege	400	msiexec.exe
Token: SeCreateGlobalPrivilege	400	msiexec.exe
Token: SeBackupPrivilege	3200	vssvc.exe
Token: SeRestorePrivilege	3200	vssvc.exe
Token: SeAuditPrivilege	3200	vssvc.exe
Token: SeBackupPrivilege	2392	msiexec.exe
Token: SeRestorePrivilege	2392	msiexec.exe
Token: SeRestorePrivilege	2392	msiexec.exe
Token: SeTakeOwnershipPrivilege	2392	msiexec.exe
Token: SeBackupPrivilege	920	srtasks.exe
Token: SeRestorePrivilege	920	srtasks.exe
Token: SeSecurityPrivilege	920	srtasks.exe
Token: SeTakeOwnershipPrivilege	920	srtasks.exe
Token: SeBackupPrivilege	920	srtasks.exe
Token: SeRestorePrivilege	920	srtasks.exe
Token: SeSecurityPrivilege	920	srtasks.exe
Token: SeTakeOwnershipPrivilege	920	srtasks.exe
Token: SeRestorePrivilege	2392	msiexec.exe
Token: SeTakeOwnershipPrivilege	2392	msiexec.exe
Token: SeRestorePrivilege	2392	msiexec.exe
Token: SeTakeOwnershipPrivilege	2392	msiexec.exe
Token: SeRestorePrivilege	2392	msiexec.exe
Token: SeTakeOwnershipPrivilege	2392	msiexec.exe
Token: SeRestorePrivilege	2392	msiexec.exe
Token: SeTakeOwnershipPrivilege	2392	msiexec.exe
Token: SeRestorePrivilege	2392	msiexec.exe
Token: SeTakeOwnershipPrivilege	2392	msiexec.exe
Token: SeRestorePrivilege	2392	msiexec.exe
Token: SeTakeOwnershipPrivilege	2392	msiexec.exe
Token: SeRestorePrivilege	2392	msiexec.exe
Token: SeTakeOwnershipPrivilege	2392	msiexec.exe
Token: SeRestorePrivilege	2392	msiexec.exe
Token: SeTakeOwnershipPrivilege	2392	msiexec.exe
Token: SeRestorePrivilege	2392	msiexec.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
400	msiexec.exe
400	msiexec.exe
400	msiexec.exe
400	msiexec.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
2576	vlc.exe
2576	vlc.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2576	vlc.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2392 wrote to memory of 920	2392	msiexec.exe	95
PID 2392 wrote to memory of 920	2392	msiexec.exe	95
PID 2392 wrote to memory of 4536	2392	msiexec.exe	99
PID 2392 wrote to memory of 4536	2392	msiexec.exe	99
PID 2392 wrote to memory of 4536	2392	msiexec.exe	99
PID 4536 wrote to memory of 3172	4536	MsiExec.exe	100
PID 4536 wrote to memory of 3172	4536	MsiExec.exe	100
PID 1000 wrote to memory of 1424	1000	chrome.exe	103
PID 1000 wrote to memory of 1424	1000	chrome.exe	103
PID 1000 wrote to memory of 4988	1000	chrome.exe	104
PID 1000 wrote to memory of 4988	1000	chrome.exe	104
PID 1000 wrote to memory of 4988	1000	chrome.exe	104
PID 1000 wrote to memory of 4988	1000	chrome.exe	104
PID 1000 wrote to memory of 4988	1000	chrome.exe	104
PID 1000 wrote to memory of 4988	1000	chrome.exe	104
PID 1000 wrote to memory of 4988	1000	chrome.exe	104
PID 1000 wrote to memory of 4988	1000	chrome.exe	104
PID 1000 wrote to memory of 4988	1000	chrome.exe	104
PID 1000 wrote to memory of 4988	1000	chrome.exe	104
PID 1000 wrote to memory of 4988	1000	chrome.exe	104
PID 1000 wrote to memory of 4988	1000	chrome.exe	104
PID 1000 wrote to memory of 4988	1000	chrome.exe	104
PID 1000 wrote to memory of 4988	1000	chrome.exe	104
PID 1000 wrote to memory of 4988	1000	chrome.exe	104
PID 1000 wrote to memory of 4988	1000	chrome.exe	104
PID 1000 wrote to memory of 4988	1000	chrome.exe	104
PID 1000 wrote to memory of 4988	1000	chrome.exe	104
PID 1000 wrote to memory of 4988	1000	chrome.exe	104
PID 1000 wrote to memory of 4988	1000	chrome.exe	104
PID 1000 wrote to memory of 4988	1000	chrome.exe	104
PID 1000 wrote to memory of 4988	1000	chrome.exe	104
PID 1000 wrote to memory of 4988	1000	chrome.exe	104
PID 1000 wrote to memory of 4988	1000	chrome.exe	104
PID 1000 wrote to memory of 4988	1000	chrome.exe	104
PID 1000 wrote to memory of 4988	1000	chrome.exe	104
PID 1000 wrote to memory of 4988	1000	chrome.exe	104
PID 1000 wrote to memory of 4988	1000	chrome.exe	104
PID 1000 wrote to memory of 4988	1000	chrome.exe	104
PID 1000 wrote to memory of 4988	1000	chrome.exe	104
PID 1000 wrote to memory of 5012	1000	chrome.exe	105
PID 1000 wrote to memory of 5012	1000	chrome.exe	105
PID 1000 wrote to memory of 4476	1000	chrome.exe	106
PID 1000 wrote to memory of 4476	1000	chrome.exe	106
PID 1000 wrote to memory of 4476	1000	chrome.exe	106
PID 1000 wrote to memory of 4476	1000	chrome.exe	106
PID 1000 wrote to memory of 4476	1000	chrome.exe	106
PID 1000 wrote to memory of 4476	1000	chrome.exe	106
PID 1000 wrote to memory of 4476	1000	chrome.exe	106
PID 1000 wrote to memory of 4476	1000	chrome.exe	106
PID 1000 wrote to memory of 4476	1000	chrome.exe	106
PID 1000 wrote to memory of 4476	1000	chrome.exe	106
PID 1000 wrote to memory of 4476	1000	chrome.exe	106
PID 1000 wrote to memory of 4476	1000	chrome.exe	106
PID 1000 wrote to memory of 4476	1000	chrome.exe	106
PID 1000 wrote to memory of 4476	1000	chrome.exe	106
PID 1000 wrote to memory of 4476	1000	chrome.exe	106
PID 1000 wrote to memory of 4476	1000	chrome.exe	106
PID 1000 wrote to memory of 4476	1000	chrome.exe	106
PID 1000 wrote to memory of 4476	1000	chrome.exe	106
PID 1000 wrote to memory of 4476	1000	chrome.exe	106
PID 1000 wrote to memory of 4476	1000	chrome.exe	106
PID 1000 wrote to memory of 4476	1000	chrome.exe	106
PID 1000 wrote to memory of 4476	1000	chrome.exe	106
PID 1000 wrote to memory of 4476	1000	chrome.exe	106

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\system32\msiexec.exe
msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\IPTViewr_Movistar+_1-5_beta-1-sp1a_es-es.msi
1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Event Triggered Execution: Installer Packages
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:400

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2392
- C:\Windows\system32\srtasks.exe
  C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:920
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding A82DE815955F5C85F164D948D3CBC009 C
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:4536
- - C:\Users\Admin\Documents\IPTViewr\movistar+ (v1.5.1105.0 'Kruger 60')\bin\FirstTimeConfig.exe
    "C:\Users\Admin\Documents\IPTViewr\movistar+ (v1.5.1105.0 'Kruger 60')\bin\FirstTimeConfig.exe"
    3⤵
    - Executes dropped EXE
    PID:3172

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
PID:3200

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffd30edcc40,0x7ffd30edcc4c,0x7ffd30edcc58
  2⤵
  PID:1424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1876,i,1943204569406631741,13297795060942856684,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1872 /prefetch:2
  2⤵
  PID:4988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2204,i,1943204569406631741,13297795060942856684,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2324 /prefetch:3
  2⤵
  PID:5012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2228,i,1943204569406631741,13297795060942856684,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2352 /prefetch:8
  2⤵
  PID:4476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3172,i,1943204569406631741,13297795060942856684,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:2752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3200,i,1943204569406631741,13297795060942856684,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3440 /prefetch:1
  2⤵
  PID:3124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4580,i,1943204569406631741,13297795060942856684,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4528 /prefetch:1
  2⤵
  PID:3668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4832,i,1943204569406631741,13297795060942856684,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4796 /prefetch:8
  2⤵
  PID:2484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4856,i,1943204569406631741,13297795060942856684,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4848 /prefetch:8
  2⤵
  PID:1908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4768,i,1943204569406631741,13297795060942856684,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5076 /prefetch:1
  2⤵
  PID:2312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5344,i,1943204569406631741,13297795060942856684,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5312 /prefetch:1
  2⤵
  PID:4716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5248,i,1943204569406631741,13297795060942856684,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5420 /prefetch:1
  2⤵
  PID:2448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5620,i,1943204569406631741,13297795060942856684,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5408 /prefetch:1
  2⤵
  PID:2004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3472,i,1943204569406631741,13297795060942856684,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3540 /prefetch:8
  2⤵
  PID:4676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3744,i,1943204569406631741,13297795060942856684,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3440 /prefetch:1
  2⤵
  PID:2484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5216,i,1943204569406631741,13297795060942856684,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:4372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4912,i,1943204569406631741,13297795060942856684,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4084 /prefetch:1
  2⤵
  PID:2080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=3496,i,1943204569406631741,13297795060942856684,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5796 /prefetch:1
  2⤵
  PID:4920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4784,i,1943204569406631741,13297795060942856684,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5256 /prefetch:8
  2⤵
  PID:3080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5980,i,1943204569406631741,13297795060942856684,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5988 /prefetch:8
  2⤵
  PID:2256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=6084,i,1943204569406631741,13297795060942856684,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5940 /prefetch:1
  2⤵
  PID:2096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5932,i,1943204569406631741,13297795060942856684,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5944 /prefetch:1
  2⤵
  PID:412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5908,i,1943204569406631741,13297795060942856684,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6272 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=6288,i,1943204569406631741,13297795060942856684,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5332 /prefetch:1
  2⤵
  PID:3576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=5360,i,1943204569406631741,13297795060942856684,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5244 /prefetch:1
  2⤵
  PID:560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=5876,i,1943204569406631741,13297795060942856684,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6156 /prefetch:1
  2⤵
  PID:4112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=5992,i,1943204569406631741,13297795060942856684,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5764 /prefetch:1
  2⤵
  PID:2412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5856,i,1943204569406631741,13297795060942856684,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5712 /prefetch:8
  2⤵
  PID:2728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3260,i,1943204569406631741,13297795060942856684,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6096 /prefetch:8
  2⤵
  PID:3780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6272,i,1943204569406631741,13297795060942856684,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5960 /prefetch:8
  2⤵
  PID:1168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=4564,i,1943204569406631741,13297795060942856684,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5712 /prefetch:1
  2⤵
  PID:4544
- C:\Users\Admin\Downloads\vlc-3.0.21-win64.exe
  "C:\Users\Admin\Downloads\vlc-3.0.21-win64.exe"
  2⤵
  - Drops file in Program Files directory
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4676
- - C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe
    "C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe" C:\Program Files\VideoLAN\VLC\plugins
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3292
- - C:\Windows\SysWOW64\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\VideoLAN\VLC\axvlc.dll"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4708
  - - C:\Windows\system32\regsvr32.exe
      /s "C:\Program Files\VideoLAN\VLC\axvlc.dll"
      4⤵
      Modifies registry class
      PID:620
- - C:\Windows\explorer.exe
    "C:\Windows\explorer.exe" "C:\Program Files\VideoLAN\VLC\vlc.exe"
    3⤵
    PID:2168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=6416,i,1943204569406631741,13297795060942856684,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6536 /prefetch:1
  2⤵
  PID:4400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=6488,i,1943204569406631741,13297795060942856684,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6460 /prefetch:1
  2⤵
  PID:3584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=6672,i,1943204569406631741,13297795060942856684,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6684 /prefetch:1
  2⤵
  PID:1408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=6860,i,1943204569406631741,13297795060942856684,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6848 /prefetch:1
  2⤵
  PID:1172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=7112,i,1943204569406631741,13297795060942856684,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7132 /prefetch:1
  2⤵
  PID:4952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=6856,i,1943204569406631741,13297795060942856684,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6944 /prefetch:1
  2⤵
  PID:3080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5812,i,1943204569406631741,13297795060942856684,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6828 /prefetch:8
  2⤵
  PID:1448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=6816,i,1943204569406631741,13297795060942856684,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5960 /prefetch:1
  2⤵
  PID:3336

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4720

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1772

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:2700
- C:\Program Files\VideoLAN\VLC\vlc.exe
  "C:\Program Files\VideoLAN\VLC\vlc.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:2576

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3380

C:\Users\Admin\Downloads\MsgBox\MsgBox.exe
"C:\Users\Admin\Downloads\MsgBox\MsgBox.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:652

C:\Users\Admin\Documents\IPTViewr\movistar+ (v1.5.1105.0 'Kruger 60')\bin\IPTViewr.exe
"C:\Users\Admin\Documents\IPTViewr\movistar+ (v1.5.1105.0 'Kruger 60')\bin\IPTViewr.exe"
1⤵
- Executes dropped EXE
PID:888

C:\Users\Admin\Documents\IPTViewr\movistar+ (v1.5.1105.0 'Kruger 60')\bin\IPTViewr.exe
"C:\Users\Admin\Documents\IPTViewr\movistar+ (v1.5.1105.0 'Kruger 60')\bin\IPTViewr.exe"
1⤵
- Executes dropped EXE
PID:1760

C:\Users\Admin\Documents\IPTViewr\movistar+ (v1.5.1105.0 'Kruger 60')\bin\FirstTimeConfig.exe
"C:\Users\Admin\Documents\IPTViewr\movistar+ (v1.5.1105.0 'Kruger 60')\bin\FirstTimeConfig.exe"
1⤵
- Executes dropped EXE
PID:5000

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Installer Packages

T1546.016

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Installer Packages

T1546.016

Defense Evasion

System Binary Proxy Execution

T1218

Msiexec

T1218.007

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e57fd0e.rbs

Filesize
35KB

MD5
23d34dc8c5d0f2559f611d48934bde4f

SHA1
e0d108825b41b2518648c1d8b9f80e34775f31bd

SHA256
241cc98f27fcf4fad852f114c3e7aa639b1d86ae518909bee988cb285d2aeca2

SHA512
85a11c3633debb8632eecf7b5454bddc53f8860c4f05c1ec63972a9dfabeb8eefe15de2d6876978c0de3f0cfd7143517039227b0a32e93e6454222ac76a048b4

Download Submit
C:\Program Files\VideoLAN\VLC\libvlc.dll

Filesize
189KB

MD5
264a9e0194dbd3c0540d67b156ecaaba

SHA1
4f1e7609e3ad169550e082fa35d08a7457a528a0

SHA256
095d164633af53ac015dcd76540e8523744f57d506db111f19b3fdd9d6180833

SHA512
2d1e8a98b8183b76f1b7fe4c8aedae69f903f29cb0e578f82399c5a1e817f479c5e45904f6f1e736b300a9e6d9d33c2caa4b60cb87b0cde3f03321f881c4945c

Download Submit
C:\Program Files\VideoLAN\VLC\libvlccore.dll

Filesize
2.7MB

MD5
c62c3ef5753af6e0980f38eebc196b1c

SHA1
fd1d62feaaacb7cad5f952b61a6f7bd60d6dc4e1

SHA256
2ddb85b36650f85b5a09724c5b17428b1b1b76bd3e3dd85b643933659d5e333d

SHA512
f2338d26b073d8a796a7a19ee290b87b63f30f6cfa62e74d147756d2362898a167784c860d9bc098b1ec1a080aaa0fad25ca8c611b7e8f42ea8195c2b14abdfc

Download Submit
C:\Program Files\VideoLAN\VLC\locale\el\LC_MESSAGES\vlc.mo

Filesize
831KB

MD5
054b5d736d33495a8a84e93215a81f34

SHA1
4a6b974f1dd9378e90e036aeb1699f23d46c140c

SHA256
bb789f25320a3fe05409db15406814da1f9c0c37c9aecf610bf24de4a423182d

SHA512
d006f08cf0d9ff70f42aff06201139aca416a1c396584e931017be15894af0eed0a010e5d2266e9ce5eb5eb472ee5b6e8f226030e9a9e1abf447f348584da393

Download Submit
C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_concat_plugin.dll

Filesize
45KB

MD5
3129a88916039fb124f4856c4dcd299d

SHA1
3b337f56514bea21af2ac6a9a935b4c0f1942c7e

SHA256
6f6f559ef8d2159307d0ae995994240137cc3ce57c0f92eae2e523aa59e552d3

SHA512
497b159c19ae65413cbe6618bf046e251400e30c20511b2fa54771664e1535da38e19e60f9797821f61b3878fb76b9755a86d5c74ac769b975599a4265eda2be

Download Submit
C:\Program Files\VideoLAN\VLC\uninstall.log

Filesize
21KB

MD5
2919ed2afc1c36b6df363cf0076c6eed

SHA1
85ebade8abc5af3737c07a68316b20232a97769f

SHA256
8d5516220abb5309d96f0344425d8606758bfe2ebb60dd946f84ba20683a97ca

SHA512
978a9aa5f285357250e7cf3792432a3b66ddb7dd95437d13846f66211aa0da572f59fab6518daea95c6eee022ff2eb80653343d5f410100c6d452569cf9b9df1

Download Submit
C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe

Filesize
143KB

MD5
4dcb6d17f683d4da04ccb245012e70d0

SHA1
491bd2603997e43e488241f21d4953a49012db77

SHA256
ce6aff142d300ce7caebd91a87a09a1752a56cfa324ccaac2bd2d66ad36288fe

SHA512
e64f560d89de8ba2f51aec0c1868d2d0c069401306f95f9ab516a6e9e7d58c133bbc8199a6022d2ff86f8c07b61a6ab4ec556474c7906b9f14edada32561cb50

Download Submit
C:\Program Files\VideoLAN\VLC\vlc.exe

Filesize
969KB

MD5
f9538485432d3ec640f89096ba2d4d00

SHA1
b050b847b1fe8be78d56b29bd23c25e05c227a92

SHA256
5d695d8a0bb1d919cc77a2aa2488a61797bfa065238160278ee458120630aaf9

SHA512
ea7aeedd15f4d6a6005f8cfb7d404dfb0c302c837e48de7e3ff44d7d5908f8de6c0a81f736d874a491eddc89fdf753976be6f635e7e8512f5abb7f32caa8cfc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\68FAF71AF355126BCA00CE2E73CC7374_1151833BB5788BDCAD7971E54EA7B930

Filesize
1KB

MD5
b8a965ab7e33cca180f9fd8f2510856a

SHA1
dc6cd0cc5fad5610765178cf75d4fd26fb15860c

SHA256
2aa79cc7a14cb54849e2f6f449c54086fa9a5e3d8630d87a9b2556a16be56f85

SHA512
ea66436f60833b5a280cf725be471c6d0ec04820186c4dc86f99d29b037e1fd293b87e753de87c4ffedd78dd823371f4ed9c3d1efcf65c695e0f5e476cb406f7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A242DAB82C3A2C6C33F27A249ED66F9B_CCED2E7B81BC9B9943D13A078DE9CC4A

Filesize
1KB

MD5
8032f28d7f83f604a56a4275b51dc535

SHA1
227e4924d5f559709ad7d28b9e9d6bad7afff81b

SHA256
49dc4925d37f61ac9be73dff071f90e4fa61b21bc4d977908769a0c773bf9b07

SHA512
edab919e2730660254d3c364b5fafd3ead6c0b4d93c9fbc1cc913b5821f870675119520885ac139a7e2b9af553c02f160541a2922d618045bda47882ebc49cb6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\68FAF71AF355126BCA00CE2E73CC7374_1151833BB5788BDCAD7971E54EA7B930

Filesize
412B

MD5
c43676660bdfe5149fae8cb24689d762

SHA1
88a88474a5e65a7d964ae4ace925c286468d05be

SHA256
f1194d72008f21b448bb23279bd2c5a41274a3e95970bcc34a31817f335f2a93

SHA512
f78138115c6b56c6f87a7161588279259297f35f2d1225f735817b315ef9af2a0c57f18f714ef87765b7ec714a68284c2d91a6c521d60388905063f4677b6dca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A242DAB82C3A2C6C33F27A249ED66F9B_CCED2E7B81BC9B9943D13A078DE9CC4A

Filesize
430B

MD5
5521ec7b8980f3dc6c2f4ef68a2b733a

SHA1
500ccbada0ad0ff750d33f8758ca493d27dc8b19

SHA256
d481b7d7c7e50f3f81fde6fe533cb725cbd26aa190efc83956713e0fc71012b6

SHA512
9e341ada2042fc8ef3c30671660afe3a6c8543be4ed291a0503c4bafd68b94b0a6c22b124c56bbb08e72388ff077394d41e254553971e3ec2b782b4614bb7a4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
6d5f791ecb6e49d136c710cbacc46ff4

SHA1
ae657ef15b5c50c92b8154ffe6b72847fc57e22a

SHA256
ea55f84da71eb2d32424b548066ac236826d779d60de73637c3568862a118195

SHA512
4c7f15ec82efddbc1aab3aed704d828a77064524d2c8bd1de0e869750dd355c115ca9b50f557910be2701d4a507643629026c0b47bd6ef0e0bc364dd05b27dbb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
215KB

MD5
2be38925751dc3580e84c3af3a87f98d

SHA1
8a390d24e6588bef5da1d3db713784c11ca58921

SHA256
1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b

SHA512
1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
41KB

MD5
e319c7af7370ac080fbc66374603ed3a

SHA1
4f0cd3c48c2e82a167384d967c210bdacc6904f9

SHA256
5ad4c276af3ac5349ee9280f8a8144a30d33217542e065864c8b424a08365132

SHA512
4681a68a428e15d09010e2b2edba61e22808da1b77856f3ff842ebd022a1b801dfbb7cbb2eb8c1b6c39ae397d20892a3b7af054650f2899d0d16fc12d3d1a011

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002d

Filesize
53KB

MD5
f8c732f4d4d8fdefe12cc35b19148644

SHA1
a7bee191bf4b7ba581120c437eba996c23f6940c

SHA256
d268eb3e94ceaefbd9467d35d78568c3294d1b6fe80ea8de032fb818e6728f80

SHA512
92f4ae6f0d07036cdbf5f476ccd5ac1969880de0498edf99c32c50aee22d9876229eaaf21adc9269a073cef9cd81167357a3aec6e4ac7c01758a8f3cf9374b6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002f

Filesize
34KB

MD5
59c748b51f15ca15862f74c587af2940

SHA1
aed3f531c6a1ad09b5ed5e8261790c686d946533

SHA256
af1c17ad638f0b0147cb63e29fe4b6a3b1a03e8ea9c15d92285b16c0997c1581

SHA512
f299788e9b83afce0bcdb897c9d3b8d9d12dc1d6857590c5c06dade158a263f2b21301a7eb719aa6f80c911d41a475e3d85a99131640c74993f53465175ecd6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000030

Filesize
59KB

MD5
7c3978e1ae2116eeaed7ac7ba31111a6

SHA1
98bd6d183b84ef8796d716746df492e33dc7ac41

SHA256
78f2854f68f042d16ab4e3dd54ea8bc472c7e7a3669a8353530d529b82266670

SHA512
8542da98bda89589d0ad28dcc68efb2f851161983e35d6869671019c251301428e3d29975044867014258dc5a2ba1134a426c40f223741defe21b1e2f007741d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000031

Filesize
34KB

MD5
9b0542cb3657e7d5241fa20e2f537158

SHA1
78ca97c6bd2a5a363a99ac7c7d7e19e47b26a114

SHA256
0d5252b1ce39125bbeb8ee43734f8944e4c1cc06dd54e1a0ce284b2074d52df7

SHA512
5dd01aff21cb6eb4a910c7ed6fe26b628bfd03d789ddce68816fb6838ffd1b7296ec2c11b9a6e86fa22306de409352f13fc4c69d5331f97983adbb8d0676d0e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000037

Filesize
66KB

MD5
8a3412eb72b99897560919845bddd9d6

SHA1
0aaa523fc31a6da7da894dcd2ebd0770b10963a3

SHA256
66768c07882d78be332c128162d0fe462450159ad166affd54314f283596c011

SHA512
1ad71bbfc9731623d0d3d3176f300d6a63830f22dd033fe2060cf810de7992519ee7b7705f6f96e711c7bdd6b947c24e3ee6e26810fa05121d63fd71a4f7555f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000038

Filesize
167KB

MD5
70725bcadd8b225393e9a90cbd52cb21

SHA1
eca726178f70fa1e1f214d14bced61309c8c411c

SHA256
a0414f4fccdf0fa561f3c18523908baae358391c2fff817a691a447d2c08c24b

SHA512
6bb44f55888dd99d682c67be94f7215379a43047cf3409ec34320b6fccc37a4b14bbbbc703f36593f07caf227929ee5590516721bdde5c2b89e2a1a6a6bed55c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000057

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005b

Filesize
100KB

MD5
c3ae94e562ae5d8123b96d0f1a91bb83

SHA1
0e19348422e5dcee3ccfcb896fa44efe6b07c1b1

SHA256
aa9a5a875d60d47d017c3c31f68337bb7307050309768ce4891092e938939e4f

SHA512
c2568fe8e11dcd7ba5b8dd0616c94354acc633a7a12d35b6274654b4c96bfa63813c45324f00bde1524a56c0b0eff5cb1d99d62a96d0a94f3ab5a0bc7a4fe982

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005d

Filesize
52KB

MD5
62380ce14e64e1543d839a7169193132

SHA1
1f9fd3ff6563d9197a83798ce2a1e81e65c3cc93

SHA256
12f5237509eee76d05057e1f2017e38f44fd22cc26060f1d14aa295511172407

SHA512
c3808ef9bab98031522651810fc7a2442b831edd30481f958114222abf469123515bc2d47bf64cc8dbce13e0e46a21c30a5d99e3fd0fdf49bbb11f0522f24026

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000061

Filesize
32KB

MD5
5aec58b96fc9e62268beb383abde5c02

SHA1
a915a959d3b23ce3ddbd89995ad1c11a8e53d051

SHA256
a7e96dd50f0ae7d1abf2f2575e81d56013ad112c3aa0ba9c153467dc81512e18

SHA512
e7b929245d58f0532e39c751860a61d19dd8d560ddce5e9e5dc63b1bf4ff1bc01e1ebe22eb2a87811dbcdf47d6f7a9b3697b5a779856e98839c3ab65f3a9cc2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000062

Filesize
42KB

MD5
0c74385e7737386aa46ae9cf3aa09966

SHA1
a5703db8b6ad7256d932cd528a55e9c3d23cc85d

SHA256
7dc1e70e67a65dc2032e0fdf7ef3edb35c5cb1efee4ef548501ea9fd953601c9

SHA512
3f7f85d4b52a285b85928683e3c36ffcc75e6c0ee6d7801f7afb2069eae6ea555378fbfa43e09bb46a192ca6a8d40d06389a453e94de2da7a290885065182caf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000063

Filesize
152KB

MD5
4521b6fb0d76ba6fbde6dacf5a6a2a51

SHA1
8ffdc57f21502f0164760f9e2bf4dc10bb3fb43b

SHA256
4f9e8f4c4e21819683335f73bd1e7d2b3afaa30d3449508472294885afe8f0d4

SHA512
13819a3a6357cd44717fe768154f8117115b22043e9ddf024b5b7ebc5ca427d733261e0a0aa0237be54dda49fd3010853b1692dfb74fe42695d201cfddeff552

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000065

Filesize
144KB

MD5
a480e265b51da6d64ff601cead8e3b62

SHA1
89448a7945753864a8de166379393b3246f5f03a

SHA256
4a02bb9e4256e863ccad6e9a18b2478603c0fda413b5fc62d0409a3627526d6d

SHA512
ac0d95a97a9361c73c894bcfef36e941ba69a78c51c588107248a2ee72d4a5dd1a8d7051b944238b6d913be812fa0f12cc0401ed324e67f19bbd1fad53b6df04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00006e

Filesize
20KB

MD5
0fd3b46fd7e5dd422bde5768a83ffdef

SHA1
00bbe47c66179502aba235f9f5c01a0cf2e76051

SHA256
4027d8ff4ab76b54c34765b96344808d7ec72c0d8e1c26060a8a300f2933a72e

SHA512
d63690a50479d19b959ec1e7ec27214a4a53bb2205b9008982ccc68bab93f1cacc7bf788d20476dd9e0d9b12299f66803f5377136da28470dd460c875dbcea2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000074

Filesize
67KB

MD5
ce58019b091dbdb1895be63d765b1177

SHA1
37a38458a92835c43b270069c0629c6975b2ba69

SHA256
8defb86fd585d1e578370bac22698f0de49d509d7398a0e83fbae7a9d11e0fcf

SHA512
36be843dd5630cf0c76219459b2ff946fa91ab90be31e3ac62452642a79a062b9d7aaae14a0ad8fd92b1a6d468394f1aa8bfe45f262f33e34048b46e046a1b27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00007b

Filesize
35KB

MD5
7c702451150c376ff54a34249bceb819

SHA1
3ab4dc2f57c0fd141456c1cbe24f112adf3710e2

SHA256
77d21084014dcb10980c296e583371786b3886f5814d8357127f36f8c6045583

SHA512
9f1a79e93775dc5bd4aa9749387d5fa8ef55037ccda425039fe68a5634bb682656a9ed4b6940e15226f370e0111878ecd6ec357d55c4720f97a97e58ece78d59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00007d

Filesize
64KB

MD5
0dab0c7b42350e02cc3a2455947adaf3

SHA1
e16e426a82b24d209854490b1d42dc3c572ae1fa

SHA256
fa8500a32e9b9c7fe120b9c3f494389d6e33dc3e67f1e542299116f86de35777

SHA512
424c139044079cd0c489b394ce1556cc9091f85ae8e0ae9956a4622678d6fdbd3a1133c43167fa44460cb27f4e45fb81685904ce8357607fe57e91abd43e2c94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
6a10559cd4db3654511f9a05fb7e8395

SHA1
37e1512abff700ffe88a046cae967d118c1f84fd

SHA256
0543d5cfe9c7d194f55e585ee6bfabdc6062e56b4f2439e12ebfc090cf7a940b

SHA512
9bdc8640e7a0a8ad13092083a6562eeb047a1b282ee01028180f4bdbe586cfe34561478214ea7c40b97d20615b9e9b26f565b47155f856d625b24ac80c0e9672

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
b47ecc9bdcb435dd6e77cfba540079e4

SHA1
2eb4784eb12d95912b63436231dbf7637817c663

SHA256
bd7eac63c613108a8bb95e1f4cd493007cb37195e2c16a5d37fdc6c2cce7b5a8

SHA512
81c65324bc1c28e61ed7a03fcc3aa5049a3b36f44a2c453894126a3ccf3de3d66ce2e0f59483bb593beeeb3647bf6ca9396679be94b8b1e523d967dafcc3ebea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
29c3e4136529d167599a2ed386788529

SHA1
532cac0b172cd4e4fb07d60d3015aad35bbac1e5

SHA256
83553194aff50930e8005cafd89228df80f60fb236c6faa0a8e048223b32ca2e

SHA512
c229de724f38776e666f12a3a37dc382c319aecf4cf84da34af1a74a64e82f0300c752220df73bb6072f1623058114d842bb27c97bcf017eac185ef14f7251d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
7caef86b247b31f425acb81aae36163f

SHA1
c298965715ea5973063a258e5d053ca0d1975e7b

SHA256
1385c57b1b6decf51873b628e2178b420e0cf8709053e91cabf48ba8ce3a4782

SHA512
726dc0e4bafaf7e1dd6829c0f3f4e6bcd9596b76efb504555fb0fcad83218f2f299c1c8d7d891084a24077d09f1c6ed82de20915bfa11ff4505e831889db395a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
bef1aa6b11000a2df50a42f10f01408a

SHA1
71edf1ddb71e75bd239c124807da6576e28a393b

SHA256
b0eb4151154a5589f13d0130fbb534769413611f48de86536dd74e334f877178

SHA512
612fbe7dac166e0b74834a00a8f4720e4f61f1aa28b065021a937b5ebcd2107d5e92a153a3ead9c40485f7e4f7be5d6ba34c9af7f4c1a86b94f3d559f5bbc89d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
72f902058c2253b2c2fd5f84af6a40c7

SHA1
643d69db0859ee56686eed272dc64cc10b7b4817

SHA256
100811a56b3471c67a5eaa42f45c0028e5e7406612cc424e8b842ef221bfbed4

SHA512
284ed8b69e7193d39138548cd8a21f1d47bb03e39823b6b76822496e4a3f33da9b85a9fee94827163ecdcb3058ba5f917fd821f5466e1b986ed4a9a39e330d2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
10KB

MD5
80d0787de8725babb2a9cbde1ddb1c8c

SHA1
b814edccf0bd3897b2a79d6f7a0d55c020f8133b

SHA256
4d2f1b193b24eebd791d21a93d8561f031c28da74d56399d2f4843a4f38d8606

SHA512
99fdad43ad19c180654244890603eed43445651959030e542e8260bcf1e8b794c7e23395c65688fcd1d9ed39208bea40ccbabc12446e08b2444ab65b7fa5a342

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
23KB

MD5
533edb8e9db08fb98212c2ef4aba6429

SHA1
5c58ea405e38afb6d4e1dfb7b4aeae95348e0ec3

SHA256
7778567da455b592a419192a046a0b993219fc3809f8b969611772991d118aad

SHA512
c17c7a92a5d7ec3fb67adc97d4cc13323b1f22cc74798230b54d4be0fdebcd6c34d57aad4d937a54032d4778ee63d4a1f98fc2948f82b047b124a85f1f7593b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
e9535d1428fc4078bc7e774741a0d69a

SHA1
e959d1639c3c037481db029795f864a1166113b6

SHA256
89e4d5fdc65c9634d985733af9d96d3202210f7c3ddd3f658b80e24465884bbf

SHA512
4cf93ae09c9e590ca8655ac4a30ebcdda91a755e8ed46d921085160f2e0251dc03e158091dbd67a740938fb214a246ce5e67036eccce7bc3e8367726e1831fa2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
c1d7ee02fc317177ae411ede382c4cc4

SHA1
6c9ebd0405ff34108c8873723a84432f27e42315

SHA256
0e42a6cec52f9fa54f99ed0ca2efaa39c6156b36556d57fb0a616ecc48bcea33

SHA512
2befac2c76b5153addba456ab37b2044df51a118dcaeaa14401d97d62fa51206bc87e48d14e541b40f6206591eb8afe150fd017725b2590fa672daaed8a2e660

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8b79f421026c44e443eea6fd3b48a8cf

SHA1
7d7083bf10b9adf6a1873cd4ac1ef8ba73e14a51

SHA256
b9748f337ca5739c56f6d11d9d7474d7d172765eca4eeb272657cb7f01792e8a

SHA512
4db7719953b44bb63bd824e454f30ccb30aa5657f34fde93d8f1ed93b0ce5835008f66e1c48fdebb93d08027cfcf5e386b0883c56632a933ecfcc647df76810c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
32506b809848f234c31ab5dda4ea0524

SHA1
7aaacce8370cb6d6e2c0530640956f9a27a3f407

SHA256
56dbb6a7445ec823ba436bb46346acc2492521c3d54b836f025a151859709d8c

SHA512
56825d44d2eefbe3848b5f789178a3115a67f7c36c263eb00f6dca2d792aad001b3396c1a4f2e38cb97ffe2d4722768c769009de6492028456fbfa1eb19c3fd9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e883aafd33c0fcc085e71a721f2371d8

SHA1
92959cdba245e032d133ff4741c3394faf6ce885

SHA256
b67bc96d2069d542eefe054df870cabaf18c8b633c952a982aebd2c4c1383aa1

SHA512
f21de6f1e4e0c7888de93638f7728da7211efe117401f3f07553e3f5963cd9e9553c2f18d392f7c1e066dbfa8038c476376d809499aebfd6bebf6c24d8501235

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
39fd7a76273aec8b3e8cf91989fbf1bf

SHA1
c123c0c3b3a6531208fa08a17104a804987ea268

SHA256
ae015acb413c666f1dab00aa6f2e5a4b3e1b7c1d8ee495c85e1a7f52cf31a8ed

SHA512
f58c1241f2da137bf14ab3f06f83cca99d038eaa898bc93a805cb5f0424285556ce5f60bbc2f4a41970d55f89a74725af4d947383987633b95c9c7844d4ce511

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c10b122431b75caa23dfa325e3669400

SHA1
be67d882c06a01d9e5061436cce8e64d286413df

SHA256
6acf312e03b7ced0cf0fb66da1c831297d013e53524d938a550e5abcaa5b4ba5

SHA512
51a18f0c20fcec9a7228ca5fc7477c4ad9712a451255aeeeed71da42ea20f92177f89c5676f468e3352294d09e004440ec13844472082ab3866aad38046326d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
0652f18b7b60b6ab577009ad49f6a546

SHA1
607d2305c1f1e4123f0490e4f02c06e79eeb85bc

SHA256
7e0b58a45dc35a112207131fb3fa03cb0725e6602e66413535f391b9ae97a645

SHA512
176846a0fec202ec819f6218515bdce96fb85272ee6e9162016056863344893a5c058d69e424a3932efba63475d6d364b0090ec3d8b2fb3c20a1401dc0c35de8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b47efbd480646ad426825252215fa1f7

SHA1
8eb2c23a36024b05c8a9c3881b7e2c72f772a34c

SHA256
cee68ee7536e49741026fbcaf7ce699eaa54d60aa29fbe1e30a4c477d0efb4e9

SHA512
092d282d057243d57f14b1279d3ea76ca28fdda409c609e0d84bc70c61cfc514d0ceb6126f1e8e17d47a5b942da638dc9c77dbb424fa7d2a3392e5331ad4d217

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
04424aef70c37fa9d8b6acfe882c2865

SHA1
a7eaaacd98ef8f3630d7ae6e00dc4e67ed96e5d0

SHA256
bfb75088c9bb5734e0d5a31c842cf7a943bd316e0bdbc9c3f9eaf8305e9dcc5a

SHA512
4ca7fdc4093bd16c47e45c8712d4103e2900248f774777c4b1cf163615b5eb3fbcb97b426234100d965a89597b41b5abc1c734331b5f88eec51ab4b472c5967e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
c2601422343f9a770b055fd56e4b523c

SHA1
dfb97de030bfaa61ad6459e5fa71b763b761ef2e

SHA256
bb69eb67e61017b8e836b1820b389af3ba46141fff2afa3c516da79809699e9d

SHA512
2c2061f26298cf6a0bbe5678bc4482916451ccb30bd0e369cfd7be400e2673aca68e3b05df302ffe2b023b8dcde7fab146de2573eb4bf2ed4a298699b3db41de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
be0d1c33c16e3204437ee5068334d1b6

SHA1
96ac1a535bbcbda016541873644daa71887a460a

SHA256
12d9d405af029596e76a6ccc4f6881be636ca76e155e13b2dc88755b8013d690

SHA512
7cf19e1d55295da40d610efc04fb8c0755f7fb11c0ce799352ef1aecd91603e6457e8528bfc1a459048108d751544bdde0e3d1ef54b7f30c1e2521f85c6873f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8b1aa633f6d341bf65d18c263aed0dc3

SHA1
f9dfe4c6463f9d66a077a41f4f1fbc56acddcde0

SHA256
7051b0536d57553ef57ebb6153c74fc3232ea0ab485a529d8ba0308fa168e295

SHA512
d74c47448c4eb96ac1cc92cc43c8965cf83ad0cd5b407a88c13baf1c0cb28dbe79595b4497628185b8122bdb4eef7c9983eafcd1b4a57422a83702a41857f193

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5f54b27fda5328177f9f0015bec80267

SHA1
c139073ad1ae1c280728d10e79c1daa2bc299c77

SHA256
973c9b104393441a358052d2ed52147888349fed9a4effdfdc71e689b30de7c3

SHA512
8072eae8e352fe642810de74182f051690c959e4b08870816f221ef44392857daa2c1c08e04ec117b835f4578bc56368a5ed7974d32d0d2252409febcf5dee63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\f189fb22-cf34-469a-ad32-d4fd5e65c51a.tmp

Filesize
356B

MD5
3c36991b13838f906757b280084baf80

SHA1
427f6ac70f73741f24aba198a9044f259caaa2f4

SHA256
2331d07f473a7b47e57bfbb0b0a5ef0e70460705ef9d80bdc4462118be41768d

SHA512
7856215edc7e94c2877b5141025a3988779bc753609180f7cd8902ed214ee56f8fa442caf0897f14c9181e4c14b9474a63b2c44cde502ea86aefccd359e7823b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
12a21f0ec3284901c82b6b00b52dd178

SHA1
ed364c7419a3b10515c937bc4d7a3336a2268df5

SHA256
afd684de6f0ee6388da2becf0363bf58d97b75625deefb6225d50217ee7b1d37

SHA512
f947d253bdd7c255f34014f8fcbb8ace726212fca3c0abab61cabea6d6d41079bff3bee58f06e6242353c27852d8cebc90b3993389a9601386a02db982b6fd87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ee58a76fea5c6adbd18ff9a6bd4fdbc7

SHA1
bbc1b9cd3383ce8311c71c248c7d5bbf0ae19f88

SHA256
7875fc04cf6fa073ef4646475f22158a0e4bbd44a956ce28fbf909093b2516b8

SHA512
6d1bd01a86fb65c50eb4d2154d573aac59df922f62a3c04344b118fc56e08086408b12e4043cc36b7f8fc89d4bc4655c1d6913083d95ae7ae13b04d7b3c7e6b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2658487e3428edb2f94f120224391472

SHA1
5198fd7b1e88978fee5c5829dab99f4869d9b43c

SHA256
cd665f5a0af66859bccc20513fea719db190b92d718ca17b39ad00487915b9ef

SHA512
0608928d4375d3959dc36be94b747bf822ed7ef372f60cfd48d03156b677fe1e256175883572bdf169a0cb5d846ddfd70bdc6fd4871857215baf0e5dd14c3f81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d3de7f06adc0db9e3f6630f088c3debb

SHA1
8aacb571127213b5a449f7d33524a3dbaa7b4cec

SHA256
bea8965d7d8275f1af217d9c5be48e445b0dd147cdf5dfe0a191d8f9675468b0

SHA512
1fe220e5a022ac0fe053594b2d9f5881d785f9558aaa0bd793ffcadcdf070e6693663225f3f23aee6fd81ee4e9c41d234d54047ad1b65f264e557a346a997e64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f3469e37bc9135a52c892a8898c3c558

SHA1
b59f74a33007ca1a14db3312216ca27e8c05266d

SHA256
f3a780cf4bdf002d093e74f45b5a80cba3e23645d6a8e6d0887b80ee65092561

SHA512
d214790b2a86533cedc55451f1abeb96ee08027f218cb1c1843aaf5d059041a759f6ba19e41ae4fbb16332bfa91d501ef980a55abb8074613a76c284e46f8ffb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
763f1ebfe87cdc418515b121a591c130

SHA1
4a3f2417f4812c0b1c7d374135f02d64fccc55fb

SHA256
50c8f0a400460ba876a5ea6d81fe4033430c5d55986f1e5f3a13b24ed7f8f448

SHA512
2c62f78dbcae7146fc2358fd4f020f0350dc2bbfcc942ec152443a20a4937168dc5350d7a07d694b02816f13a5deaa615d1fac388324f0d210f18d5db51b122c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
620395879fe1c618442d39104d09effd

SHA1
3fffced303bfacc83e7575f1128a11e08419c843

SHA256
988a7e98c1e9fcf9dfbe78dd2d1243a35e3fa15f033068f62a3ac77f1387fc65

SHA512
2ae362e7ef7aec82da453e47b25431512265ce1032771d4f2dfa5b632d446871edfd01c9e15eda5b15e95925f4adcb73c4aab362a1dd566d2b4496cde08cdb5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
0e496e92085429725d25bc6a4784407a

SHA1
ec842bf2ace60133b2a01cb4263d356d1696b716

SHA256
320abd16b071ea7ce89ef520fb0a03fba8a314de4f29859fc9e83d2cf8afe8b9

SHA512
43419d9f47b66edb9f8ac55b9e14de8cdc9a53d0e360c7f21b5a88eda52d4db13e7f695c0052d1772988d1fd9c14561bc655e546b6f08f81779144faa763c39e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b38e3e62278422b4e68455ed57330cea

SHA1
4d1edbfdb6d8cac401740324b88adccf34b21fec

SHA256
96a1604cbf96904cee30c289b27296f7130bf41eb3665637695702b495e1b5e6

SHA512
9d9ad45f0a58e1f69197d3007411964d161ec8312247d9b613b811a93fc4fb05f360e8c1c8fe93d42b4d9839292de57a87a81470fd42cbb7f698d93fe8e395d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a863b3005e9585e7503b20620b6cf514

SHA1
e1ce41590f43de95c597cbad2398b3dc8de701ad

SHA256
4115bb7cf3cfa8f270a140e8d25ee884a5a2e3b37ca229e04503893e80a966dc

SHA512
b0bdc7bc253331b55e29de4ebf91fc86271c7df1d83b3ebaadcdf2fe0147768d65b9bfe882e3e9d603cdae9b7d077979536c2a6fcb3e001ffed30b82bcd80214

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c2398c8602a74340f45483a3b044c70f

SHA1
cedf6b70233f3df3a45b8591885951e419a1e748

SHA256
1c53f000ed09278f2463eae8304cc46ad74e26d2e9c997e8b94933a3d50f1120

SHA512
242195b95bb0870e72e69f035933c4100dcc845fad12a58b3ae8ebcabd5ab1450c4f58918bdd22975d2c9fbce888e61f18e579f7a4df23bdc4b901134f421ab8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
bbc42ae5ec4ee7f37b03379bfe8c2e42

SHA1
5e2c8f45d6deb5aa4c5b9665a0f6b47ebc88986f

SHA256
ea7702a6c2920c87bd117a568954691c7e0cf7b9edd12229b23065237ebf54c5

SHA512
f3b2be151013226aa4c6d7fd23bf02ec254a211a69cc224da851bd55ccc3658ee07305b4fa468b8f28b00d6ed72cceedd9ccf6a60053d3e73cbb92fdbaac04d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
b6ef4d4ea3246312643b77955aacd99f

SHA1
22cf1bef6317426c8d92214df921d7ca242e0e86

SHA256
1b184a4d000c37cd3fe542fea11fb80e27f94c95fe0261426f03b112366cb644

SHA512
ae8f6b25713bb2b796f6dc674de61bd4db2c2489aae118969658472fd272881279c18d7bb030147ae0f8294b9dc15d76eb1a1fbb04d93829ef2384450f8bbb93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
8e8d3bf4f5b8f69d85f96922f8317077

SHA1
e7d38bd301ee2c3282ee612a124275ad94d7a048

SHA256
0063f150ac131ac4b007d96b8010d4f8118769e07a932729fe49b5c61ff6d866

SHA512
73420def71d2a9dfad0d5133dd005dfb0e153ebd253046a8ee73b97cdcbe0e1c3adea20a02c43399676c5ff214163a117b3868d87580bfac0ab80e305eaab573

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
49644e335898c96361f866e06dd57592

SHA1
5bcdecbf6c4fe6addd5d3e4158d77ba54bd1a14f

SHA256
a53e0121464045878dbbd0690bbd4d4f5cf5c20d49b492d9d370ebc33235302b

SHA512
c2a77c479c6ad0ea08f47b3a74254c816ffe920b0ed5b32229b2d56c7ce4eadec2294983137016fd850e2c8127048414bd98322a1fabbfdda48eae15cfb0f604

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
916cadadea44e3732f4040e72977e37d

SHA1
b67c0d5b71cc37a3be0e11af50034a9935fae099

SHA256
af1b4b1b1e5be2ac97587fb4c1092d7b454f4547122fd27b496dc45d8157dc56

SHA512
f1fd35e969898ce88d57cfb4c71a9bc705d7c2add1ef4743046496a13f5c3a476f931da5e3700ecfced276ecf164180b21fd48862baaadf48b3b6827141ce63c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
9d0cd99d44f54132725b96456f9989a2

SHA1
ff58dd90afc81afc4f37c77b6eeb3030c3725390

SHA256
ac6e8c9bf031df2340c690cd95a4538a2e0b75713ca6faa54f5ae75e4b003475

SHA512
06219635ce3ff097fabc94320fa78ce762b083af5b3a1a3c0fdac69f3dc8b34637699e1ff2c2fd44c1c8f0c951ce1cd58076a8976f4e4eb24a9d0d875fcbce11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
7faa795b3bbe610e1bf47e6fe23db67a

SHA1
60fc4018b30512744e2e206eb148d169f6183629

SHA256
6c199bac43c5c51e4bd1151bf1bf70e9ba2ccdaf066c3cc868d2735d645b0eb4

SHA512
09311bbed5c917e4373a5a86e48a4488f16c1f70bd07504f33a5de08028a758f38019ec06db19986da60f7a3f6af79363e7b04e4eaeda42f7237f1f8b09b9f65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f59b0caf7d9943157894f0ea43c2c991

SHA1
b3c168215081195f348cca495eba5ff3975151c7

SHA256
b441c63dadff57cf0439d27a8570fb6171706dc6fbbd647eb58205dc9e0f82fe

SHA512
524f90d0ff97b3f3813662a2ec48f2e3ace6e600195250ea49cdf38a5f7b4571f4572c082d8a35bd17aa6be98886fede89d1e0bae89847b37c6dadfc1e2775af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
666e8a5e42f4c79a130b85952df7bfc3

SHA1
9e97810737352867b2026fc095dc2df69e424533

SHA256
c4a221bdfee27e7d7c5935c40d9edf483cd62e0575409fbe47e268642916e119

SHA512
e43de055265af6e59359030ce5085563a7de0c73214a4507f6759df1b850fef904c617d696b859b3baf865628a99d8672e6ebc4ca6098a30fb3d29ac2b1a2bb1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
3ed1e10a0d7842350a9b5b02a07fde53

SHA1
e43951e31288ef0d4476a2c3f923f79c2be420e4

SHA256
2325dd280fe95bcc9f2a0a6affb57de5a587671322724dfc8a670500b0b4d727

SHA512
b7b7470a84bd8362fbaf7ac6638b5619aefd9828c06120669057672e83c2d0d8f73f633f0d98464c0f11863a935cb3a1b7b6e1257b0fc5d9e025871abd020f4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
9409bf945c993e8c3f6c14d9248065df

SHA1
efa684c3de68b6eeb3c1782844e39f716e8ef346

SHA256
851fe4d7d84fe9feebf85ca9e746bd2da70e2503021e7c3930c92dec662c0774

SHA512
d1f142326cc391a24eed907c72780153f7ebce8b4ce0d51b0803ee48531c1178c704805d744428e2c2fe69f463b92ffe22cba1914cdaf549ca3c3d52072c69dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
e06363dd88b1d170a515a1dff66fcf61

SHA1
c880df1f79d19fdf13bb1377c2c0d8fccf26bd6e

SHA256
90de1d0ceecca303ecb1edfb09c411732e96e7ab60dced3ff6b238a26d62fd47

SHA512
4096aca1b54327616bff10fa156200e7864563377f43e2cc0a796b59cace921e738b0f7702f1dbe1e873cb1a1ef3aa10376ba568cffec535edd0fa79722e0f34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
ce24e2e3dacb8f158fd44bfd9fc04dd4

SHA1
038f273809573bdfed5b5270b9b086f41abf3bed

SHA256
32caa9a7743cfbc85a7396c06d12ab8909c796cfa8002a77b2f63f1106743af7

SHA512
0da7b93353a51095e2ec581ebc5d6518282f8895bfd4847a0fdfe8cc7877ddb47cd02ef3064c598419f69bb6bcca56d0594c7413edbf89cb4ccfb1ba45487b5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
8d84beccf2fedc88e9d7988efc6e2b89

SHA1
b78eba1f719cba4207955967d959c9cd4948aee5

SHA256
b07163b923f5e58a2edd625b5959b492d44ace720c3f66f60d1f77a3b690bca2

SHA512
cf253de6616d5495eb749aeb097f06b9ff88e76f47396b470fedd00f4af3af8599558dae4dc7de4a5c33bf496908802b994d65d1ef254d4b381b0036ec726025

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
2bc621ada43badc13685744b0210e56e

SHA1
6871b034bd4e76af419f56ac7f57babab9e52a50

SHA256
4f72abadae9e3dca09a0a4901acd78ec6423f8f51091b67e245846d31f12888e

SHA512
d89abd5b4b76f9684471715a173a1d2bc2514f66a9aef9ab0ff38fe667fcbbca485be6ec3dbaa7a13ac090700f3fe51566b0724299eec89a73d7253b5a7d5e3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
07319eda514cbf6fe0b7ea15f7e78f61

SHA1
f92bb08a32b29aeae6ea36b5b255fe3557cf9271

SHA256
32e9c9b75c8728e698d657c3233608e7b53981e2a2739c5a06c67893f547a857

SHA512
467a31bb16278edac7c6d826b564ff2083c990a4d762cdc446b86cf8b89fcdc05d319424880b093f3c96aa05b25496826f99e7bae11a05e63c647f6a45a5ee81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
17f3b37225fdeafa4db2970465a8ee0f

SHA1
3d013349ada2b4c5f30c9308285c2e67f78d3b8b

SHA256
b4439d3bd90e1631245c6728177ac8d11bd2de1630f3dbf7ffd7ec37684f8068

SHA512
169093e1186d1c966335281ff89eb86ff078c6e9b9f632303ed790472498204c619aef201d655d631ca91d4d4009bc7fd76d7569725de4f17f4ba81b259616ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
88ade2ac0208e277baddecb485077bae

SHA1
f2419e87d072dc0831bbeae6a63d21edc3c29400

SHA256
b4183965eb9447520248df7e97b8e5e03d5f879dcc04da87f8e19be26a2c237c

SHA512
0a29cc6928e8649cd25243be26e99f4adfb2acbddf78f01883a683403e466a7ebf9b0df27309b5dca54240769f72ef8887413edf5cb372b8e2af81f5e526117d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9682c8b8f156e0a50c1c4241619a7bc2

SHA1
4736aedb5df088b50ae8aac2c9032c7b9a2a8220

SHA256
892e562b827e55a560827e469c775f8e1fccdd465bdf7cbad29e41a32fa541d2

SHA512
e7eacc83562dce800ad15526dde7fe155119c210e8ebdc97cc902147fca7de7fd49bffbba32080829467a5986a057c6cf8d56bbfa4a7aa4c4b55e6d24678739e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
afe5714eaef2d02501265f069e6fa785

SHA1
e8f278ddb9d91f7cc20f71587e3a0a532d7e0403

SHA256
ec396ab9eb692e9a8be781dd30488526551ae751b761b2576252e52157d8a986

SHA512
0f0c9261cb1798f8da39ac0b0a002ba68b4bf55d9d8aa56a68743cbdf32cae3cf1140b061be00a8625e738ec0ea2b67874663eea1b374ac61b776e799c49422e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
f9f02e5dd49c8fbc54ed2a9b3128a8a9

SHA1
e8186aceed1ef7acac142f8fd713f063052f57a2

SHA256
039af15fb3a9303497f0d2f7bbc3cc55e516bf1c271f56a79f205af430b15c69

SHA512
18c28768dcde6a0442219a5938a5bfe34b3be0696b0c4d655207898b0c4583401e4f24a3840b1f87076f4f5be707d63449b2091fc6f8e4384f6e48bf9ebc1b1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
0034bc840c7fd709d4982ddd76264129

SHA1
33fb3ea34e6147f3d7fc871442636157bda33e61

SHA256
86f4ad500cee8bd49445d9874d4c5755a067a9e931139e8a74062f9c6893e6b1

SHA512
e7b3b85c55bbe699cdb7217b7de7a0d08d2aee117de3b484e7b5176c7467834b9c7c161dd6b854c68f3f3943ea3a1fc536a672b4958609aa817243ddd7c134c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
cbd3b59dde793243a2e6c3a76b5a2b28

SHA1
2739f28f8270bc93f273951b73ab85393a040505

SHA256
d4aba95dcf39e22ec118e5c5ff7a056de530e83c14d84c315bec32523e223dab

SHA512
a891c7741db6d9a8c5033f6b3d7f3b4fbb5a8f5251f6f8539964810ae82eb4954d31a8f204a5b0dd3768a11b60edbb1578cb6d246bb6368b659e22371819d0e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
343e0020757fa64381df67b4e122989c

SHA1
80c4f320658740b65338086cf2f7e7324c7b9274

SHA256
8b52252650324f091cf13f8bd4cebae597b8a42afceb94d6aae80eecef3710f8

SHA512
9d682144ee3651e03c1f8f104a61d48074cd1f5feaf980b1b253ea5fefb265617851221588ab3e3df70a07884686e4c4caa85c935139fe35576591ba1f245a79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
258f7d583d0aa03b48a30c09ee41571d

SHA1
45b4235127f8c19e5b0ba1d5286bb0e416465bc5

SHA256
5ed3158f0ffc9e08bafef02742f472f3bf49e11c673c37544e58ed2b70adcb58

SHA512
792dd89618748f79c55c4ca50d06a6539ae41c0452cdbc8b7eacb955a9c0a74d8fe9d1d789204720f0516dfae7cbaafbe7ef559127b696021eaab4c289544a38

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI27F5.tmp

Filesize
202KB

MD5
d773d9bd091e712df7560f576da53de8

SHA1
165cfbdce1811883360112441f7237b287cf0691

SHA256
e0db1804cf53ed4819ed70cb35c67680ce1a77573efded86e6dac81010ce55e7

SHA512
15a956090f8756a6bfdbe191fda36739b1107eada62c6cd3058218beb417bdbd2ea82be9b055f7f6eb8017394b330daff2e9824dbc9c4f137bead8e2ac0574cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsa593A.tmp\LangDLL.dll

Filesize
8KB

MD5
6a4ce8d10efd06369f368898462546e0

SHA1
79b9c182afcfddb4687663f287327fb968731c1b

SHA256
42c46cde21b03935314697ef444b01d85e319fc443519bde35fec90c8b21fc98

SHA512
8a5f1d1bf6fef5ed5b51f41129715bdad0ebabb539c0260b080e567a101db7acdba722a9df5e55527ccdd2bf05a009bfee3c4a3745825c953f3348ef55e61918

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsa593A.tmp\System.dll

Filesize
28KB

MD5
4a82832a6209cdc3a2447ab2de137542

SHA1
21f334bf90566e3a94a712b68f2cbc32746711d4

SHA256
b07a12c5ced6a1ece5e7dc4103f8b3e15bf77f5edb70daef115b9a77bcf55885

SHA512
6bceff4d3eba26a84029d09f6e403f3fc0c95a744f4d6bfde22accf480a724a0f38960d848a5255258a6a57d3ec9b384847acf167b485ff67f7161aac04300f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsa593A.tmp\nsDialogs.dll

Filesize
14KB

MD5
8b11196dc49c4df98c6f97457c97e590

SHA1
7ee6c21506ac68a1ecf36be5d632ee339311d51a

SHA256
47a1976b7736371b9b2e073ef0dd49db3bdbe604ec9ee77e50621e5f19d9ae7b

SHA512
4c77005b35f9c9c3cd64d5dba178f45ed250974848086e9da283d539add6aa70bb9ec44782f69f115ab87d1d1d723a63698f9b9db817710b52ab836a87e654b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsa593A.tmp\nsExec.dll

Filesize
10KB

MD5
d0ecb311ba0307fea7ef74699fd8dd2e

SHA1
5ed7f5f4c9d29363b8aec070aec5b78b68311980

SHA256
2790ae9ffc256e0c1b8f9570858920ffa5a224c15939c84ee01918102e1dfd0a

SHA512
49177e9c9d110dc639cb15bdf7f154807da1898d9289ce82b753658f56641af03864dfa6727c2a67cd499af8858605de007f46f538ca7119e1e3f73994a23bd0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsa593A.tmp\nsProcess.dll

Filesize
38KB

MD5
391f1b7c2ba6cc753cc300eb0b3c522f

SHA1
0395ef1df4e1232ba4d7c1f65a042d84bd9b5a76

SHA256
72d4ec8a496c7057f676bb6c0d3ae872f22fa88efe2aaced163ee1f429534dde

SHA512
a8ece6215b85a4ba41723dcb3e5a6eecaa74b1b99508c2df47af2ce6d3c0c979012080b202829ac848a09a7687ef0572827e0a9042e2c567563ce6284e9ea29e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Documents\IPTViewr\movistar+ (v1.5.1105.0 'Kruger 60')\bin\FirstTimeConfig.exe

Filesize
495KB

MD5
0dab9c79fb28dcd12b10f0507e309e94

SHA1
6553a3cb065c3b2bcb505af883239da2584ff91a

SHA256
dd94bf091c7dc0bd78dcc6cce0c5def4d495e463f6606607d2698d1871c5e8b2

SHA512
c18d49039db26f2fdcf4f431efd9ea3bbe6a07d47dc3ceac62b51fb2aedf23eaa450e3525605ac8a917793663471a4d2356e334bd69bc65ebf6c668b2caeffe5

Download Submit
C:\Users\Admin\Documents\IPTViewr\movistar+ (v1.5.1105.0 'Kruger 60')\bin\IpTViewr.Native.dll

Filesize
27KB

MD5
06bf8a4e93bdb4bfd53fe6d7c7d46c5a

SHA1
6bb632a1be713f990449d2d1b8f815ede97b07e6

SHA256
a9e5686130679fde198c0352d5da92cc58c85374c7629ed27010b1ce4701e69b

SHA512
6ba99af1b0b59fec1e74ba8e9c25f7c4c0b542cd621a09a9880a4d10e45b10c79b39371f6f18167738f4585afe3698e23dda892afd83033f58bf95fa820663ce

Download Submit
C:\Users\Admin\Documents\IPTViewr\movistar+ (v1.5.1105.0 'Kruger 60')\bin\IpTviewr.Common.dll

Filesize
36KB

MD5
934097b95dadb2f2bdc43d7828b0940f

SHA1
9806364e6d0c895a192456366b38babfa41910b7

SHA256
a6b927b50bfaabbb7b83c7f6a87804e26a86c31bb70229bc9e1947ce0732b443

SHA512
cb83fce48004bfc88e58fd0c22eb73398bbe337ebb2cc5f314251ba7efd31cef9a52c58bf22560812b3305079891ae5d95a4b13a12a36a92e8f58bba29df6b08

Download Submit
C:\Users\Admin\Documents\IPTViewr\movistar+ (v1.5.1105.0 'Kruger 60')\bin\IpTviewr.Telemetry.dll

Filesize
19KB

MD5
c519061adbb260bd0dbbac01b3cd054d

SHA1
c7c492cfd7dabbe7fb527dcb481b873675b02f0c

SHA256
4973081531b5ec2fd060fd6c8ee14c4ff95d50f7928892be01ca1612fc99ec8c

SHA512
ded350d58a160650495261c42db18fd951cc5601a607152099ef64f1ab1ba5e21d86801a78fd19112c847b7b114bca20c48f40c1f14152df4c698722c0f2bf7f

Download Submit
C:\Users\Admin\Documents\IPTViewr\movistar+ (v1.5.1105.0 'Kruger 60')\bin\Microsoft.AppCenter.Analytics.dll

Filesize
22KB

MD5
825eaf4df1e08196d5015b70466b026c

SHA1
cf974b0615bebfc2472bbb3af4669ad294c26828

SHA256
5c99b5c0991b98dc1cec11f4b2a83595f6d0de224105b72e23e90318dfe22217

SHA512
76fcd73f373896b034e321aecd7d630326040f89f1c50ab03a7481dc9a2e3f11a9d40c866e799f6bc2e1b283ba2da8d0dc8f48e75e8faefb903f0e58377d385f

Download Submit
C:\Users\Admin\Documents\IPTViewr\movistar+ (v1.5.1105.0 'Kruger 60')\bin\Microsoft.AppCenter.Crashes.dll

Filesize
50KB

MD5
017cd1faa21e8e1b99c835d3fae49626

SHA1
a8fa47538cac3a24b3bb62051c73fb3cbfc9e5f0

SHA256
48029564881e5091e1562a43befb1e42e1279ef267c9f9dce020beed7b7a3b8f

SHA512
ac2368adebb2daf994610db1b914b43aaa50f0eae5b38598dfadf31e47aa45b1b3b7605a7c53821881061a5fe1e978ed74e674a3a4a62ae30bb03b76f0d3474b

Download Submit
C:\Users\Admin\Documents\IPTViewr\movistar+ (v1.5.1105.0 'Kruger 60')\bin\Microsoft.AppCenter.dll

Filesize
133KB

MD5
2bd1307c211ae53acd2e39085a0e5dac

SHA1
5e37dbbd42400880d9b102516c7bbbe5eef47fcb

SHA256
83355b80d15813703c3d0e563328f46355c388426eb1afb3312748497da8a677

SHA512
be9da4538ad3292e97f0129cce6f59759038de9fa9145ceebcd6df2c57e82fdc152ea01d796270bf6b4e8493a32b3619750d0946625b3a2044e704238901d682

Download Submit
C:\Users\Admin\Documents\IPTViewr\movistar+ (v1.5.1105.0 'Kruger 60')\bin\Newtonsoft.Json.dll

Filesize
683KB

MD5
6815034209687816d8cf401877ec8133

SHA1
1248142eb45eed3beb0d9a2d3b8bed5fe2569b10

SHA256
7f912b28a07c226e0be3acfb2f57f050538aba0100fa1f0bf2c39f1a1f1da814

SHA512
3398094ce429ab5dcdecf2ad04803230669bb4accaef7083992e9b87afac55841ba8def2a5168358bd17e60799e55d076b0e5ca44c86b9e6c91150d3dc37c721

Download Submit
C:\Users\Admin\Documents\IPTViewr\movistar+ (v1.5.1105.0 'Kruger 60')\bin\SQLite-net.dll

Filesize
87KB

MD5
7a46ddf0945aa9ada3bc767bafb51cfe

SHA1
545fba74961a567581d3e72fe62c3211e2c29c01

SHA256
e679bd9e238c081d9f8264581e0159d8110b4c0c3b80e79c769384a31169e731

SHA512
ad0ffce79d50c7c0d8b1cc4e71ddfebcb0aa4be619e2325f76d58254bd8023a5ba74b6e8bbdcc41f8e13324a053edf189f34c9368345ba33d2d60fcdca93d771

Download Submit
C:\Users\Admin\Documents\IPTViewr\movistar+ (v1.5.1105.0 'Kruger 60')\bin\SQLitePCLRaw.core.dll

Filesize
37KB

MD5
368a54998f44548028dce205b4bd8fb2

SHA1
d3f53fdc858440b1e9e60ee644c8a17ffa5329a0

SHA256
0c1cf0a93aa8bb63be0f117f7c8dd2bc18820a42af8c96ba34b76de28c469072

SHA512
57b63aaa5797380039b31e69136d71c6ba3f49feca19217ca380d2909f7b863e7a2146fe4d5b5a13465a4e20beab118bfd4e5f1b52426885272bebd1473a8767

Download Submit
C:\Users\Admin\Documents\IPTViewr\movistar+ (v1.5.1105.0 'Kruger 60')\bin\UiServices.Common.dll

Filesize
983KB

MD5
e332b587fb34859d14ad3d14effbc20d

SHA1
8f9a5850105764de70601e24ddebf6cd3b4d7f69

SHA256
2fb7837c5f7e7cfa743a95aa94de0fdd6b30efaa081c7d5eccf488d60dca24af

SHA512
6b95290dbfaa2549a2f5d0b0bf6946bd1f7787b6ed3e637a61973c05db0703638d5a7ae870707e280b8c8fc235f0fd196a288f5ff2ead8101c3e38724f6a4f85

Download Submit
C:\Users\Admin\Documents\IPTViewr\movistar+ (v1.5.1105.0 'Kruger 60')\bin\UiServices.Configuration.dll

Filesize
564KB

MD5
b2559bd40a1c61e201d69653415ca1e8

SHA1
a16505b06dd1f5f765db6e2e42212b8d4943d993

SHA256
387a4565a3ff0b2bf96a03826219aa535d4477e0c74c78ea8f82512fc39d6e14

SHA512
18246e600ebfe45b1fa6c140779b976c8d26e6a647169906a2c2ed54aaa6dc6689d125ab7ac87f23fc20d6e978102df9fe3dba5eeb911ca8e648aefcb89825d8

Download Submit
C:\Users\Admin\Downloads\vlc-3.0.21-win64.exe

Filesize
42.9MB

MD5
a6f92affb6ce711f9f5048410cb4bc32

SHA1
80d994fb95087efce34aeb4a98c8f4d7d2a035a6

SHA256
9742689a50e96ddc04d80ceff046b28da2beefd617be18166f8c5e715ec60c59

SHA512
1a8ff18e29514c48b29fab5ad419b506610c462c09891b4ba6dc0cee550d05eed03bed8d018b9bd61b3d81e1848da7845d53c1b01a508dd87381791541a44f2c

Download Submit
C:\Windows\Installer\e57fd0d.msi

Filesize
28.9MB

MD5
7172472c9a8e578dc6b8310601cbc646

SHA1
712976528526ad2c3c9bf82b7939abe652ad7962

SHA256
c61ecd976b087abf7eba06ba7d8fc9767f3b2bffe79a3952ac8f9c8b1bb0be64

SHA512
4a40bd0268399bc3e1a7232550de69b310d967e81941e279c453fc3d47cb4691aaa522805a6ef08a12c9747ec4e283aeee2b09245717a8c5a47df9fb1fd0a04d

Download Submit
\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2

Filesize
24.1MB

MD5
e4c581fdb8bb455e2f332ae6adb9e097

SHA1
9c03dd4d0a81c4cea1417bc2664c19ab970379f4

SHA256
7d9efeaaccf95adee07660d6be1508b9cd6df6bdfe4691e72d4a940946b6d7e1

SHA512
ef03793b25344a764a7ca86a8b415a7f17e750f01fb0ea6db517f6fdb9a7cc7ed8854e6225a30055c2c3dbd481a8d5bcf401abf7dfa6d48b1652fee52ff1440f

Download Submit
\??\Volume{1541411d-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{710a62e4-4ae4-49f0-bf2e-a2b24ef1800a}_OnDiskSnapshotProp

Filesize
6KB

MD5
6a183a8186326908416839499dd926d9

SHA1
28846c6ebf509e63c7d9d22dd1135e935cb92f97

SHA256
0e84bb9cdbd97329b21047f476ad6e9fb33b3c3db57fc98ceac59d7777eac56c

SHA512
02daade82a7f6bfbc7060c84bda2750d901e9790273bbd56f546cda235558ffe4943d08f3bbdd8088268f09ee1f753bef2f652d3be90834eb6d356b92a3c6dc4

Download Submit
memory/888-2423-0x000001EF36AE0000-0x000001EF36B6C000-memory.dmp

Filesize
560KB

Download
memory/2576-1887-0x00007FFD4F190000-0x00007FFD4F1A7000-memory.dmp

Filesize
92KB

Download
memory/2576-1891-0x00007FFD4C550000-0x00007FFD4C5B7000-memory.dmp

Filesize
412KB

Download
memory/2576-1889-0x00007FFD4F110000-0x00007FFD4F121000-memory.dmp

Filesize
68KB

Download
memory/2576-1888-0x00007FFD4F170000-0x00007FFD4F18D000-memory.dmp

Filesize
116KB

Download
memory/2576-1886-0x00007FFD4F1B0000-0x00007FFD4F1C1000-memory.dmp

Filesize
68KB

Download
memory/2576-1883-0x00007FFD387C0000-0x00007FFD38A76000-memory.dmp

Filesize
2.7MB

Download
memory/2576-1882-0x00007FFD4F240000-0x00007FFD4F274000-memory.dmp

Filesize
208KB

Download
memory/2576-1885-0x00007FFD4F1D0000-0x00007FFD4F1E7000-memory.dmp

Filesize
92KB

Download
memory/2576-1881-0x00007FF736E10000-0x00007FF736F08000-memory.dmp

Filesize
992KB

Download
memory/2576-1890-0x00007FFD28FC0000-0x00007FFD2A070000-memory.dmp

Filesize
16.7MB

Download
memory/2576-1910-0x00007FFD28FC0000-0x00007FFD2A070000-memory.dmp

Filesize
16.7MB

Download
memory/2576-1884-0x00007FFD4F1F0000-0x00007FFD4F208000-memory.dmp

Filesize
96KB

Download
memory/3172-193-0x0000026C7F640000-0x0000026C7F65C000-memory.dmp

Filesize
112KB

Download
memory/3172-185-0x0000026C7F610000-0x0000026C7F636000-memory.dmp

Filesize
152KB

Download
memory/3172-170-0x0000026C7D980000-0x0000026C7DA00000-memory.dmp

Filesize
512KB

Download
memory/3172-172-0x0000026C7DDB0000-0x0000026C7DDC0000-memory.dmp

Filesize
64KB

Download
memory/3172-174-0x0000026C7FF90000-0x0000026C8008C000-memory.dmp

Filesize
1008KB

Download
memory/3172-176-0x0000026C7FE90000-0x0000026C7FF24000-memory.dmp

Filesize
592KB

Download
memory/3172-178-0x0000026C7DDD0000-0x0000026C7DDDE000-memory.dmp

Filesize
56KB

Download
memory/3172-180-0x0000026C7DDE0000-0x0000026C7DDEC000-memory.dmp

Filesize
48KB

Download
memory/3172-182-0x0000026C80140000-0x0000026C801F0000-memory.dmp

Filesize
704KB

Download
memory/3172-201-0x0000026C80380000-0x0000026C80506000-memory.dmp

Filesize
1.5MB

Download
memory/3172-200-0x0000026C7F7B0000-0x0000026C7F7B8000-memory.dmp

Filesize
32KB

Download
memory/3172-199-0x0000026C7F7B0000-0x0000026C7F7C0000-memory.dmp

Filesize
64KB

Download
memory/3172-197-0x0000026C7F670000-0x0000026C7F678000-memory.dmp

Filesize
32KB

Download
memory/3172-196-0x0000026C7F660000-0x0000026C7F668000-memory.dmp

Filesize
32KB

Download
memory/3172-195-0x0000026C7DE20000-0x0000026C7DE28000-memory.dmp

Filesize
32KB

Download
memory/3172-194-0x0000026C7DE10000-0x0000026C7DE1A000-memory.dmp

Filesize
40KB

Download
memory/3172-183-0x0000026C7F5E0000-0x0000026C7F602000-memory.dmp

Filesize
136KB

Download
memory/3172-187-0x0000026C7DDF0000-0x0000026C7DDFA000-memory.dmp

Filesize
40KB

Download
memory/3172-189-0x0000026C7DE00000-0x0000026C7DE10000-memory.dmp

Filesize
64KB

Download
memory/3292-1763-0x0000000140000000-0x0000000140029000-memory.dmp

Filesize
164KB

Download
memory/3292-1764-0x00007FFD4F240000-0x00007FFD4F274000-memory.dmp

Filesize
208KB

Download
memory/3292-1765-0x00007FFD38190000-0x00007FFD38446000-memory.dmp

Filesize
2.7MB

Download
memory/4676-1797-0x0000000074600000-0x000000007460C000-memory.dmp

Filesize
48KB

Download
memory/4676-1878-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/4676-1366-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/4676-1369-0x0000000074600000-0x000000007460C000-memory.dmp

Filesize
48KB

Download
memory/4676-1368-0x0000000074610000-0x000000007461F000-memory.dmp

Filesize
60KB

Download
memory/4676-1795-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download