Analysis
-
max time kernel
84s -
max time network
92s -
platform
windows10-1703_x64 -
resource
win10-20230220-es -
resource tags
-
submitted
22-02-2023 21:34
General
-
Target
Filestar.22.0.9.0.win-x64.cc4hC.exe
-
Size
19.4MB
-
MD5
b28ed75d3f69f69d2b2850f94db7b6c9
-
SHA1
6395651747ac8bdde1aaad3e263002ef9409a184
-
SHA256
38662529ae534c9d549996f405ac9b8fdadee0c8b5cbefd99524a638bd0b9a15
-
SHA512
1a17725507a0a7751e249deb0d049bb2c1036e1d0e4c642d97c5ba581fec0551bdf1d3a208fd02096596c449967507aa8c7e3fd8023921e59579a071b11fde11
-
SSDEEP
393216:Dhn5QEJMIhBOwpyZSAN8cEUw8IQhEu2aOn9Ks2xshnUqjtp47f2Jir:tn5QEJMIj1aVZYxQUn9Kshjtp472
Malware Config
Signatures
-
CoreEntity .NET Packer 1 IoCs
A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
-
Executes dropped EXE 3 IoCs
-
Loads dropped DLL 37 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Program crash 1 IoCs
-
Kills process with taskkill 1 IoCs
-
Modifies registry class 41 IoCs
-
Script User-Agent 1 IoCs
Uses user-agent string associated with script host/environment.
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of WriteProcessMemory 16 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Filestar.22.0.9.0.win-x64.cc4hC.exe"C:\Users\Admin\AppData\Local\Temp\Filestar.22.0.9.0.win-x64.cc4hC.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\is-BRCS1.tmp\Filestar.22.0.9.0.win-x64.cc4hC.tmp"C:\Users\Admin\AppData\Local\Temp\is-BRCS1.tmp\Filestar.22.0.9.0.win-x64.cc4hC.tmp" /SL5="$1001CE,19509103,785920,C:\Users\Admin\AppData\Local\Temp\Filestar.22.0.9.0.win-x64.cc4hC.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\taskkill.exe"C:\Windows\System32\taskkill.exe" /f /im FilestarAgent.exe3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" "C:\Windows\system32\cmd.exe" /S /C ""dotnet" --version > "C:\Users\Admin\AppData\Local\Temp\is-5IGS6.tmp\~execwithresult.txt""3⤵
-
C:\Users\Admin\AppData\Local\Temp\is-5IGS6.tmp\unzip.exe"C:\Users\Admin\AppData\Local\Temp\is-5IGS6.tmp\unzip.exe" C:\Users\Admin\AppData\Local\Temp\is-5IGS6.tmp\dotnetruntime.zip -d C:\Users\Admin\AppData\Roaming\Filestar\dotnetruntime3⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c "set FILESTAR_DOTNET_ROOT=C:\Users\Admin\AppData\Roaming\Filestar\dotnetruntime & "C:\Users\Admin\AppData\Local\Programs\Filestar\Filestar.exe""3⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Programs\Filestar\Filestar.exe"C:\Users\Admin\AppData\Local\Programs\Filestar\Filestar.exe"4⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 4904 -s 14205⤵
- Program crash
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Programs\Filestar\Avalonia.Animation.dllFilesize
66KB
MD5fa31ec4a36884194133b70034c466463
SHA1c9cf1ee64b20956cfae7b0e5ca6fa126a7712bfc
SHA2568a73cdfc1c88e4c7db1a42c4f5ed1f79a608674366b1f78d85e89195baa0a132
SHA512c8afe458c97837a272343be4a77a0ccac8f515902165293e6971eac849c94b7155f6749be96e39fb189b7a0e2633905eb0c569be50cf25683bb1a55edd1d84be
-
C:\Users\Admin\AppData\Local\Programs\Filestar\Avalonia.Base.dllFilesize
294KB
MD56547b376a50d19f1ed589a5ac9bc4fa9
SHA134ac7b9caa230e9ad219b903ef386fea1ee61aa1
SHA25661b24cd0739643f3210fa56bfd0c71d4f7b9634e857cc9d8b3d6cc5805c76325
SHA512a89fa78c9a566c3984f14c3dbe50f1f30b2ca8d0f4dd4138f2e0957ae083db0ef0dbe7ea1c4abb80bb9899d738f243edc330f564c73b5fe0d7bf0dfe8bd6dc7a
-
C:\Users\Admin\AppData\Local\Programs\Filestar\Avalonia.Controls.dllFilesize
939KB
MD529b13f95fdf014e7b0154b6cd27367b2
SHA1968ed317e02b5b23d9c74957cb8a3a60623a31f0
SHA256d6289a613f500aac7caf39db3703ffedb2e9272f89a953484f67c1cb3920e132
SHA51239947dc6184698edcc618a828a80740834169d827142942f95ef36d26e2560735fd5395c9de828cf989feb1b21f43826b5516c8347fe59b4c0fdb4287656dee6
-
C:\Users\Admin\AppData\Local\Programs\Filestar\Avalonia.Desktop.dllFilesize
12KB
MD5834d6712db7185b3e361a315c680141d
SHA1488013183271c9da02d90ecfad8c4f21fa66878e
SHA256bf50059b36ec163cfd1e30179e10a109a436aaac205e0c7759a33bef9247c106
SHA5126eb2c61f57f852e6e6d21cb8539d094a8e4b1b71eb8ebff718d16f7f810f08d1dba6ce8c87e5147c5be9c19f41738ef8fc64d1c0903c93fea9f1f3e8d33f5032
-
C:\Users\Admin\AppData\Local\Programs\Filestar\Avalonia.DesktopRuntime.dllFilesize
35KB
MD5bc837da881ea1acebff0d44718012a71
SHA197430cf097a84cb9cce83db6f5343b0c825bba46
SHA2560329a955da72ceb02919ed99af7dcdafa1e35ed7edcb87d2de32276d92994d72
SHA51293bd45caf58a2da0e835a380b31edc473b5fbfc16f1081c03a26327140d794ab12c016c47e746ebcafba52a86991614186d8f1a25e6e84320489b3866cfb0012
-
C:\Users\Admin\AppData\Local\Programs\Filestar\Avalonia.Input.dllFilesize
116KB
MD570385f3d931d5303d67726bb2e327554
SHA1099b0b0b9f8be85ce0db7b239a19de3afb3c30e2
SHA256bb331558aca25cd56ac702e173c790fdeaecf4bc4af7133f2552d079491da5ea
SHA5125231b41578d672159815501e003e0c5cd029e4bc6f195e329b27da80ade6f9cde0ba6bc4536571990a89d1a32a84208847caf69562f555c165e60952b32c3088
-
C:\Users\Admin\AppData\Local\Programs\Filestar\Avalonia.Interactivity.dllFilesize
28KB
MD584766ad61197313fa53b52f6efa9e60f
SHA115146b48c23f3db9af330abde63e33a2e64ae960
SHA2566e5ac097279c9a0d205473e00771a3e19537de020a8e9898bcbf439a6ae25dfd
SHA512b4a6bcdc57faa30a7cd579692e3d820fad81c6820929c7ba099263805b09630e41061272e89ad6cf4e4b8043ef30fb67103eaae45d458d094960ee1ab03c630c
-
C:\Users\Admin\AppData\Local\Programs\Filestar\Avalonia.Layout.dllFilesize
91KB
MD5ee1bfe00d4848f130fa9ef7b569abdc7
SHA1d341da8e99598b26fcc04ae759b111158471c019
SHA256679ff4ce7f13d2de065305451d72817f28bc04795052b0c19805f2be94282fb6
SHA512d9c45a7f7e2e9aec9e1c03d0b19cf7edd0b90cfdb28ccd58e58567bca7e4ff460838790cffcb95086d7385afd37dd45107b04ffa2be44b3f8c21bdbe35a20540
-
C:\Users\Admin\AppData\Local\Programs\Filestar\Avalonia.Markup.Xaml.dllFilesize
70KB
MD57c76a986270fe22960fd1a8a3362b465
SHA17ae8c74b08d9ddb4dbd7348016da33c8e7fef2c8
SHA256bd9c653637501ee5bd6bc5194c8ef6666c913de6d378eda8b6c9fd3aad558d33
SHA512fbe0eae7ce23d811631b5097e80b309d6fc5de6ef9c2c83898f0004536a175f7e02453ae95e662bb15d7cf72a0da63438fd99fabd453fe1eb22bac5512372c95
-
C:\Users\Admin\AppData\Local\Programs\Filestar\Avalonia.MicroCom.dllFilesize
20KB
MD5d4b5ab6aa2af491f33df7390f3798cf7
SHA1523e7c82f1704aa2c5068f9d64f0e7e25c811c58
SHA2560b217f38452deff1dd6cfa5347526b84652ded567c5d2dba341a4bc13a24f5d5
SHA51283e69e0c8162d399971aa9d863d8fe239a146f90ed0669fbf4b270cf854af80ff426bf62c5824c6224081bb92666718f332969a14520176aa791f6b7dec944a6
-
C:\Users\Admin\AppData\Local\Programs\Filestar\Avalonia.Native.dllFilesize
219KB
MD59a172c0b88e4b7a7db37ecaccbb8f93c
SHA10b7e72b6016cad8677dc8f3edb125cced8bbbc85
SHA2565411923ebada93fcce2fb77a5edc09ee5cf865968993b0abddae0d51b31e1127
SHA51274de1192ec76db3e886f3bb923e156e01fe8eb10f54495aeac2a9eaf2f4410a842dce6617168b2f3bc9e6d1bc8e8be3830109ded276bdc4d3330193c04a16cee
-
C:\Users\Admin\AppData\Local\Programs\Filestar\Avalonia.ReactiveUI.dllFilesize
31KB
MD5276b333b8017cfacdf4e8a1aee022c96
SHA111a7e33ff9ed9118d1ad07dd7cf371efee5ccd80
SHA25600529dc5483a8e0b3aceca9caa2b198ecf3b14abf99ec641aac7fdb5c9517f9d
SHA51270037d84d0cf86793ff9f8e5d0f53083441a999b82e0093b661e89a8054a076941f9769087dbc588410cbf4fbe08acd0c961f24c2235fe2ca89c8c49555d4ec8
-
C:\Users\Admin\AppData\Local\Programs\Filestar\Avalonia.Styling.dllFilesize
97KB
MD5756478839170170faa1415d6b2a41734
SHA13b2258f7a1a9c484c54f040c0e96ccf7062bec8a
SHA256ad5d0030effb60c14cd4c85e3a52ba7396f2a564d81f40bbb13c1a4f69b9ef1b
SHA5128356a9f9b7607dd52b8895212dd917e21c2126e5bf60abead717d8ff03f6406e4937ab4e3ac698229d58bcf37d369b881d0db780c47a6d7a32e0544722a51fa8
-
C:\Users\Admin\AppData\Local\Programs\Filestar\Avalonia.Visuals.dllFilesize
448KB
MD5d97f5cdd1c0fa12878b50eb53d970448
SHA1a4a3b3097c13939d6c5dbc9396582b47333a9af7
SHA25667645e1eb11a866687ae93b85aa36da89c9f23383db969dc3574dc0f429ddc12
SHA51266678422b8e5148f882276dca2000578bc5fa09f8bc8622da222aa99909bc8c96f78bc35a8d36649db98d39d385498bd9082fa434429444ee47c128fc0043469
-
C:\Users\Admin\AppData\Local\Programs\Filestar\Filestar.Core.dllFilesize
397KB
MD559414b8f80910d0119ecc3cd36d60674
SHA101fba4943a61f444e11bc80ca6662977280557ae
SHA2568499b0fbb0f0866bf4d3d31e5b802fb095f02f95e9d65de480207339cf5cbcb2
SHA5123f8e248e77a0226c883c5d71cfbf379e511fd1c9288d0156548d182c6eb74096d22027036f68ccc73756deeb58288114ae98819504ff485be34bf3c76bbf5b0e
-
C:\Users\Admin\AppData\Local\Programs\Filestar\Filestar.Integration.dllFilesize
194KB
MD5b593aeccbd2ab47e944f9cefb21fcf24
SHA1815993d99ae193d6ef381ba0ba9263d31c7300db
SHA25684ed15039f17659938f6158c160b6fee0a1f5b1e9d43fda37d702eb5ef572eb6
SHA51264a00d19ce064fea6b379b6dc41a8aae4cf009a17156f8344044e418e1707335cda8dcdbdc9c8f4120adb221d49d3f66ba94ebf701e037663d1069ced15ba4d8
-
C:\Users\Admin\AppData\Local\Programs\Filestar\Filestar.License.Client.dllFilesize
42KB
MD546cea827b42917a3230e6a8aff2e8f98
SHA1d8cfb2e98ed5069eacd4bff2caca6e0d77684d1d
SHA2567ed73439152d7cf647e656e801b62cc185cd9a1dc05b4b5cd49507bf516be2b0
SHA512cab0a1126b99c0bccc5c86f33a5020f3152b5a9c035c2d8c8a1c9596de9ced068b8603d181b3da6ec5c8b42efed13e8bcfe853e85b9dbe154b91956b82588bbd
-
C:\Users\Admin\AppData\Local\Programs\Filestar\Filestar.Platform.dllFilesize
6KB
MD53f8fac32259724caa29545ac68e0e3c8
SHA15d8c86e16a35c378fad161c3fa803e76c0d9813b
SHA256753e40d3996de640be15f37a9a612f67109cc942404f0343634fe260af92099f
SHA512fbf82e8375c7d153250ad848e2182ecb16abcc0fcbbd099bd4dc929b29e63bc08f1c191a364a0301b10febc1bc6801a3dc9e8b6b948844b1c5b59fdc1b01801d
-
C:\Users\Admin\AppData\Local\Programs\Filestar\Filestar.Theme.dllFilesize
1.4MB
MD5c92445d8a7835d3c4848053295df6f3f
SHA19cc8957fc95941340d11119705862aee653f5c6b
SHA2560ffbbca09212cb313abeddc0af4348bebe80432d4261e49522597f7868439410
SHA5120b8905bfe343f01883de9df049f2bad98c15fb7965992830e71bb73ff0e786834cf371b5f0f42f84bb8ae8598e63059c139180f2f2d52c09818bd081d2628144
-
C:\Users\Admin\AppData\Local\Programs\Filestar\Filestar.deps.jsonFilesize
160KB
MD5f5569ec3e81a835ca7ce0287460eef0a
SHA15cb0926cddf52e13f9d00c2002ede8e801971270
SHA2561bfe69a885b312bf5fe562326564caa2d9b72355db2c9c54c6615254c24839b3
SHA512e6582bdc9e8bf70c14c904f75c039dfbb347d5371fef3379d63e9b025eac058383f450aced077757acf3f38e8e1eb6f813974281b0a582e4139994ec5de49025
-
C:\Users\Admin\AppData\Local\Programs\Filestar\Filestar.dllFilesize
1.0MB
MD58a4c8914bed691f09673d6ba8ff9be9c
SHA102379eb49535fcccc4135e4c2e2ac4b4660d446d
SHA2568764fed8880370efb45a501daf84667d2bbc16b44d380f525b7ee67789a36cd7
SHA51256b5f89e27fba8b75470e2b661a464f70af11f280c21d069f19299d9b4997e9d99136570c4cc239ebfa6568a9fb82c9cdacb1cf7819ff87425ffb354cc0aaaac
-
C:\Users\Admin\AppData\Local\Programs\Filestar\Filestar.exeFilesize
202KB
MD553ffe6071bda8c129d08b12328e04fab
SHA1f513ebdf59d7930290c179a74f94c448e516f9f8
SHA25604cac372021a77485d99bc2dde548c9f611fba790c7ee87ad75314b3424c98fe
SHA512e5ccdd26e07c37de191cdfc3cf2e1838b9a41e0b71eeacc63d80f4e72dbb01082478c1729059753096f2d0ee6090546707bda33902321d350298cb90d4c8b639
-
C:\Users\Admin\AppData\Local\Programs\Filestar\Filestar.exeFilesize
202KB
MD553ffe6071bda8c129d08b12328e04fab
SHA1f513ebdf59d7930290c179a74f94c448e516f9f8
SHA25604cac372021a77485d99bc2dde548c9f611fba790c7ee87ad75314b3424c98fe
SHA512e5ccdd26e07c37de191cdfc3cf2e1838b9a41e0b71eeacc63d80f4e72dbb01082478c1729059753096f2d0ee6090546707bda33902321d350298cb90d4c8b639
-
C:\Users\Admin\AppData\Local\Programs\Filestar\Filestar.exeFilesize
202KB
MD553ffe6071bda8c129d08b12328e04fab
SHA1f513ebdf59d7930290c179a74f94c448e516f9f8
SHA25604cac372021a77485d99bc2dde548c9f611fba790c7ee87ad75314b3424c98fe
SHA512e5ccdd26e07c37de191cdfc3cf2e1838b9a41e0b71eeacc63d80f4e72dbb01082478c1729059753096f2d0ee6090546707bda33902321d350298cb90d4c8b639
-
C:\Users\Admin\AppData\Local\Programs\Filestar\Filestar.runtimeconfig.jsonFilesize
253B
MD524e4653829de1022d01cd7ddd26e2f22
SHA19160a009cb381e044ba4c63e4435da6bfeb9dc6d
SHA256ded3aeb5856a11db0b654a785574490cab55839ebfb17efe9e39b89618fc5b91
SHA512efd4bbba1baec0b47003831510e3aa539db9ef468e0f06ba9d7ba6d0b3800035f7c818d7d90171bfd377ec97d08c4617555bcff635dd83efceb412b1a9cca820
-
C:\Users\Admin\AppData\Local\Programs\Filestar\ReactiveUI.dllFilesize
292KB
MD50f612ec1c7e2cd49b2c536f63cb78dc1
SHA1971226cfacadd6b247957b541adff5d69b1791f3
SHA2567de74f18502c93f7f715b0a75e5a11651ebdf4528cef8df7be917b62e537e400
SHA512b5c1447c83936e63397f2c84277b63ffadc61eb137b9ebb338e08cbf1442666d1e5433634a7269aa2dca0c92b67fb539f2e233b592bded9a8df4de35c10f3e76
-
C:\Users\Admin\AppData\Local\Programs\Filestar\Splat.dllFilesize
136KB
MD55892b7270c7a459127843237d661b8b1
SHA1a3ca0eb85ed0c932124bab1eb32224788e0e13d8
SHA2568d16a68fc18c2463e1a0172dc0364267fdbe22ac1ca2bb13cf93008a24fb1ef3
SHA512491141198de87ac77563594f3d0eaf732d160323aef890df627a5469816f71dee6d9d65823260dd6119043491334ef806ba8eb11f4a804af232bfaca8167f83a
-
C:\Users\Admin\AppData\Local\Programs\Filestar\System.Reactive.dllFilesize
1.4MB
MD5ef5a00287ad15393d41b12aa4b726ff7
SHA1624d34571fa15762ab38a01e94e74fc26250706c
SHA2562b6c31dfb1fc6019a42a007ed0e5e00574de6ea0c47fed0ca282bf3bb2771b0c
SHA512832e34e13bbf89fad118ac8f20e624901adf2461888f7b06b6f71d5d7d968bffe58801a1b1757225adf6605c2ed66c983aec4f1d78ea68a4284936178ced0b35
-
C:\Users\Admin\AppData\Local\Temp\is-5IGS6.tmp\dotnetruntime.zipFilesize
31.2MB
MD53f4993206f808b516676b0e976de9a2e
SHA1a6210a8eeb75268078454355264a803958293bc8
SHA25634537333814b61ed3763dd5861a5283050a01a3c9b043e4f1e74614b3faf7df2
SHA51224bb230a3721a3ea8fbde9f6e648496124b4de0ecba6b58918fc3f7a5bde8d818415e46531dd1bfa399ed3847a7f519fc94cf4d41896ff77652b6a615b79f54e
-
C:\Users\Admin\AppData\Local\Temp\is-5IGS6.tmp\unzip.exeFilesize
164KB
MD575375c22c72f1beb76bea39c22a1ed68
SHA1e1652b058195db3f5f754b7ab430652ae04a50b8
SHA2568d9b5190aace52a1db1ac73a65ee9999c329157c8e88f61a772433323d6b7a4a
SHA5121b396e78e189185eefb8c6058aa7e6dfe1b8f2dff8babfe4ffbee93805467bf45760eea6efb8d9bb2040d0eaa56841d457b1976dcfe13ed67931ade01419f55a
-
C:\Users\Admin\AppData\Local\Temp\is-5IGS6.tmp\unzip.exeFilesize
164KB
MD575375c22c72f1beb76bea39c22a1ed68
SHA1e1652b058195db3f5f754b7ab430652ae04a50b8
SHA2568d9b5190aace52a1db1ac73a65ee9999c329157c8e88f61a772433323d6b7a4a
SHA5121b396e78e189185eefb8c6058aa7e6dfe1b8f2dff8babfe4ffbee93805467bf45760eea6efb8d9bb2040d0eaa56841d457b1976dcfe13ed67931ade01419f55a
-
C:\Users\Admin\AppData\Local\Temp\is-BRCS1.tmp\Filestar.22.0.9.0.win-x64.cc4hC.tmpFilesize
2.9MB
MD5d917b25b5a5c0fa7291d21db24892a9d
SHA10e8aacdc28033ec4798d374844b73adbc90b07b0
SHA256c3c690cea6caa60ba6e257b4a6af2449cd021fb0700ba843981ce0816d6b45e8
SHA5122089451fb9580cc1d39b5b2af5f0b5816248c7941e46dee482d7f14ea2e56689fe0c7f7806cdb9e3a93e0b786ffeed8af59d891147fece3263dacb72082d2bbf
-
C:\Users\Admin\AppData\Local\Temp\is-BRCS1.tmp\Filestar.22.0.9.0.win-x64.cc4hC.tmpFilesize
2.9MB
MD5d917b25b5a5c0fa7291d21db24892a9d
SHA10e8aacdc28033ec4798d374844b73adbc90b07b0
SHA256c3c690cea6caa60ba6e257b4a6af2449cd021fb0700ba843981ce0816d6b45e8
SHA5122089451fb9580cc1d39b5b2af5f0b5816248c7941e46dee482d7f14ea2e56689fe0c7f7806cdb9e3a93e0b786ffeed8af59d891147fece3263dacb72082d2bbf
-
C:\Users\Admin\AppData\Roaming\Filestar\dotnetruntime\host\fxr\6.0.3\hostfxr.dllFilesize
366KB
MD5cc31dc8b7046570d73e759861eebb155
SHA11ca53e4dcbb1c605d2d067b6e5c38e0f08ce7ef3
SHA256f089f933eec4cecd2bb570d85bb857e380120c250d81b871cb3927e301bbaf4f
SHA512518d54594d91a6df042a39a44ed773058e539961a81e4ef553e8c568a723f67b3fd350174d58484f6edefd9922b45e248ba89bf42854cbc44d44977b75574ef1
-
C:\Users\Admin\AppData\Roaming\Filestar\dotnetruntime\shared\Microsoft.NETCore.App\6.0.3\Microsoft.NETCore.App.deps.jsonFilesize
32KB
MD5f5d5bb7ab29b2fd1955c87a2593c9b59
SHA1afdb4263e3f40f442474dd917eceacae99255b59
SHA2560449a4910a48e97c22487a7e55c9fa50d7ea401a0faacee65eb69a26ddb783ef
SHA512371cf693a6435a181ce23d1522df24da4b519d5be47b766716d6927c99dad79772959f36746c88dc822116080e32d128370b8f48901c4cdac35fa6af58cdd7fb
-
C:\Users\Admin\AppData\Roaming\Filestar\dotnetruntime\shared\Microsoft.NETCore.App\6.0.3\Microsoft.NETCore.App.runtimeconfig.jsonFilesize
159B
MD53fbd84a952d4bab02e11fec7b2bbc90e
SHA1e92de794f3c8d5a5a1a0b75318be9d5fb528d07d
SHA2561b7aa545d9d3216979a9efe8d72967f6e559a9c6a22288d14444d6c5c4c15738
SHA512c97c1da7ae94847d4edf11625dc5b5085838c3842a550310cca5c70ba54be907ff454ca1e0080ba451eacfc5954c3f778f8b4e26c0933e55c121c86c9a24400b
-
C:\Users\Admin\AppData\Roaming\Filestar\dotnetruntime\shared\Microsoft.NETCore.App\6.0.3\System.Collections.Concurrent.dllFilesize
241KB
MD557b874e5b99c38b682a74c433141cf21
SHA1704e5eaa1962955efba8390b7659fd9241d2f0ec
SHA256643b41cceb2232584f78ee83abeaea9995dc4339e17960b35f381f8d9ae53450
SHA51219c5a522ba6bfed890a3e4de061d8813c3809852397ac6e8585d88969c410121dc68af1f49cf0ad926cc8a2392c7aed586008b253fe1ee77931a59a17316fa16
-
C:\Users\Admin\AppData\Roaming\Filestar\dotnetruntime\shared\Microsoft.NETCore.App\6.0.3\System.Collections.dllFilesize
258KB
MD50e84eb681939e3ac44f4b73682135d85
SHA125e786e779eb557bedb5b0d3e9936a9a69cd1846
SHA256e0319a6fc8c7da9ecd44a60503d9da2654aa1b7177b9a91406dc2f71e1de13c3
SHA51227de4e6cfb62e6d08e555e252db23694d34cc367585e96aa83c2865368c0ef758871e6f1dbd5f67ab39ca2337b78c3907602179dff4384ab2075174e0001ec8c
-
C:\Users\Admin\AppData\Roaming\Filestar\dotnetruntime\shared\Microsoft.NETCore.App\6.0.3\System.ComponentModel.Primitives.dllFilesize
73KB
MD5b702c752fa9fb6a841bf47176a87f803
SHA1a603df01a434ab527e3f11c7f6b421872cda8a44
SHA256e7823d9e2dd9159e3f203a2da4b4cc622a928263f7e551009ae1ecafae1e1699
SHA5124eff5ace6a226f74ff5fc33d8d20c8dbc014cf4e21dba4d170bbbbb74fbf61e34224532773cf261753d2bc65c4f0d5927f909f3ad74ead7518e699e225791daf
-
C:\Users\Admin\AppData\Roaming\Filestar\dotnetruntime\shared\Microsoft.NETCore.App\6.0.3\System.Linq.dllFilesize
525KB
MD5bf7f629a2413598cfee66263be25e5de
SHA1ba94ecd077ba880cc7b76f7dc5a9a02896c2d15b
SHA25682f89d35a84f8de9363312cec89936d154968a265d46cc01e68b1fa68bde0b77
SHA5125cf6c98bc945812726c03a1beb8e1df1752acdb7027c4e9b7353c30321a97c54bee9d7f891174235632aaa9012a22f858e1b2fc611c969ebbe67de967b249dc0
-
C:\Users\Admin\AppData\Roaming\Filestar\dotnetruntime\shared\Microsoft.NETCore.App\6.0.3\System.ObjectModel.dllFilesize
89KB
MD5282d4495ac9a1aba8790bbe1a67ba132
SHA1d3f713985f0cd59902a274a32389ee62720b9b43
SHA2563a0ce000db5f70d709cbb8bffca1d01e319ebf2745a619f6ba95beb15f026553
SHA5122ae954760416bfed932a6f6c0ae32869cf80de4e1144d3ab692200007e26f84318adb99607be09a41fad6351fde0dc2cd9869d565eee78d78472c3270c2c3161
-
C:\Users\Admin\AppData\Roaming\Filestar\dotnetruntime\shared\Microsoft.NETCore.App\6.0.3\System.Private.CoreLib.dllFilesize
10.1MB
MD5879185455e611d24bda7ef5a108e0dee
SHA1d29fcd719fe6554ab25509c8e12bb47e0f3d405a
SHA2561088114a032fb108d8d6e1becf3e5e6de63f102e2dfa3b5bc861fe7bc698472f
SHA5120881826e162416ba586d84ed94f9d92a26cb62937fce54df393572c430a78b309fe631f225d1147484b5d39152f7b013e8a4644320d5bed0dedbc30d57bb1768
-
C:\Users\Admin\AppData\Roaming\Filestar\dotnetruntime\shared\Microsoft.NETCore.App\6.0.3\System.Runtime.InteropServices.dllFilesize
50KB
MD5bab19d0cf885d55192b1e6a394618ce7
SHA18414c6ad333851ff9a503ffd09b903f6a81293dc
SHA256b6acd73145d7491d3908f93c79308c62d54d1854bdace8a2950ab23140346a06
SHA51263cae438463d7fdfda6b4c05d6a5ac538f5d36be5dd3112c0eef1e08311044427fef5aca31b7d9f6428564eaabb6ca9855790461d2791536fbeb143cd63bfa8c
-
C:\Users\Admin\AppData\Roaming\Filestar\dotnetruntime\shared\Microsoft.NETCore.App\6.0.3\System.Runtime.dllFilesize
41KB
MD5530a2f36665ca2de5a0221179e71c672
SHA1212fb0017f5b781d67de1d75972ca72088f32300
SHA256e207fa74039b215ec2896987dced7aa1290c0c00819cd88b0e54321551c3fe90
SHA51297a8d0dc02bf1b4a9643d2a97989b85f94b552da1325e242f94f986942d25e0451501fa8a7734fe0a592d8e4d0ac3ed4f9d2a8e39d72d2f9dbc75ba97e19985a
-
C:\Users\Admin\AppData\Roaming\Filestar\dotnetruntime\shared\Microsoft.NETCore.App\6.0.3\System.Threading.dllFilesize
77KB
MD5022a8543017d8a94954b481da5710185
SHA18e9a2f2493f031f4d97603a4c6e8dbdf5c2aa103
SHA25611f45946611e6dc0ce3ce897bc518fa87bbfffd8c916a5ebe8fdf4d20778154c
SHA512b9a1567a6fcd8362b43e9a162e7a8c8394a4edbc4767921f9917e60d63c751189fb16db8965ee5d1138ee62ee70ee8593b08b9f4fc4abe3d4f0b7fe8104fb1ce
-
C:\Users\Admin\AppData\Roaming\Filestar\dotnetruntime\shared\Microsoft.NETCore.App\6.0.3\clrjit.dllFilesize
1.4MB
MD55c84b3607a2f0d68a941768de1039fcf
SHA1858299df8e0f927cca55e32d135ad6e75b145f19
SHA256485ffda975e0b7856040d4689c14797b774c16991d8ebeceb60e1ee84d4e98f1
SHA5120f590a265dc22281533b38d3bbecefdccae57e10d9680055357d4e3c48f01fe47d33c956fdde43be8e7514a543318e22ffefd2ceb0b83b7dd087e9fb74f705eb
-
C:\Users\Admin\AppData\Roaming\Filestar\dotnetruntime\shared\Microsoft.NETCore.App\6.0.3\coreclr.dllFilesize
4.9MB
MD5780f40bc43b6241ce07cc44054f507a6
SHA19a6194f9a4b73b295d9bed1a644eff402b3256da
SHA256d079840280b152d04132b91c8b620fede520691529f10e4e756aeed8a9953327
SHA512ee4e770de08ff7f8f17eed6095d399176311fadf0eb35cc029563f5ba85c1eeb8df546edeef59a68387772bd258eaf73badd8b3ed5cef41b358c650adba6162e
-
C:\Users\Admin\AppData\Roaming\Filestar\dotnetruntime\shared\Microsoft.NETCore.App\6.0.3\hostpolicy.dllFilesize
381KB
MD5e6abf192d5420dd6062cfd1284ef7c13
SHA14afa426df5254265b9f7c4b157e3ebeb46cf1f34
SHA256ee5c213d1b9a9be67909b2dace4898c1a836a441177030f349cc79231612cf73
SHA512831c0077809c4f9a20faf1a6b04a6352a83b47d9baa020da6aea4dfdd494bcf8631a23740da290cdf2bf2985a74b5a8fd3bc24b806bf0d19d438aa5fa58705ea
-
C:\Users\Admin\AppData\Roaming\Filestar\dotnetruntime\shared\Microsoft.NETCore.App\6.0.3\mscorrc.dllFilesize
143KB
MD5837846d612d8ff449fc8edd172f4854d
SHA1798bd08a0575a3a23ceea837ead05dbe3b514353
SHA256e2c9a84309ff9415641b5f03b25f36e198b1670dd753c2d43a0271bc659ff1d1
SHA512565853a26ff0b7b3b00f284c539469a982409a7d98b63c85d6355a8da575cb96da9c377c23569589b9cdeaea4a455bccd6292d9e5aacd0818f10da85fed945ba
-
C:\Users\Admin\AppData\Roaming\Filestar\dotnetruntime\shared\Microsoft.NETCore.App\6.0.3\netstandard.dllFilesize
99KB
MD5df0539e628c25230637a4d9723cd6f8e
SHA12be7388e011801de0cdc2871efc9a4b64773ce67
SHA256b7caaf3acbceaf9b6b0571e8718b6bd626421946601c40cf93dfeeae12f79851
SHA5126f702b9a63cf9f2db84f58842f3dc9c6f5408aee487cc76ab0b440633a9f26425b6131b8fc6c8f2c7e2a0306a51872aba3136a0792b49cd0e548e5559faead07
-
C:\Users\Admin\AppData\Roaming\Filestar\filestar001.dbFilesize
40KB
MD5d49836f28aa6c4b9bf26a01f50e3b65a
SHA13e0cdb47dd2efb6e7ff4c2fd2b1d26ff5be4ef72
SHA2567a52392efaca7b3ba9acf486c508ee01d027e60f742e3877f68fe44c7ef75d70
SHA5124b2402714cdd065fc67e426478b4a78e452198eb0475e77564cfbf140c8952264a5d03da198157fd29ecfd44c12d2b425a04b3315f7f760e36155ab52c97f3ee
-
\Users\Admin\AppData\Local\Programs\Filestar\Filestar.dllFilesize
1.0MB
MD58a4c8914bed691f09673d6ba8ff9be9c
SHA102379eb49535fcccc4135e4c2e2ac4b4660d446d
SHA2568764fed8880370efb45a501daf84667d2bbc16b44d380f525b7ee67789a36cd7
SHA51256b5f89e27fba8b75470e2b661a464f70af11f280c21d069f19299d9b4997e9d99136570c4cc239ebfa6568a9fb82c9cdacb1cf7819ff87425ffb354cc0aaaac
-
\Users\Admin\AppData\Local\Programs\Filestar\Filestar.dllFilesize
1.0MB
MD58a4c8914bed691f09673d6ba8ff9be9c
SHA102379eb49535fcccc4135e4c2e2ac4b4660d446d
SHA2568764fed8880370efb45a501daf84667d2bbc16b44d380f525b7ee67789a36cd7
SHA51256b5f89e27fba8b75470e2b661a464f70af11f280c21d069f19299d9b4997e9d99136570c4cc239ebfa6568a9fb82c9cdacb1cf7819ff87425ffb354cc0aaaac
-
\Users\Admin\AppData\Local\Temp\is-5IGS6.tmp\idp.dllFilesize
228KB
MD59a83f220bf8ca569e3cfa654539a47a4
SHA19d1fb7087c12512d5f66d9d75f2fbae8e1196544
SHA256b1c4c9b2dd6a40974fa8789b218b52d967f5ccd1b47e95b4f6bda4b6ce864d0d
SHA5129b6460aca9720a4762a28e78a0e5f3e7358f73383926caf7f4a071e66c79f1032abd131432387f108de27894c147e2f34f01b094b6688826ce78f007d9dafbc5
-
\Users\Admin\AppData\Roaming\Filestar\dotnetruntime\host\fxr\6.0.3\hostfxr.dllFilesize
366KB
MD5cc31dc8b7046570d73e759861eebb155
SHA11ca53e4dcbb1c605d2d067b6e5c38e0f08ce7ef3
SHA256f089f933eec4cecd2bb570d85bb857e380120c250d81b871cb3927e301bbaf4f
SHA512518d54594d91a6df042a39a44ed773058e539961a81e4ef553e8c568a723f67b3fd350174d58484f6edefd9922b45e248ba89bf42854cbc44d44977b75574ef1
-
\Users\Admin\AppData\Roaming\Filestar\dotnetruntime\shared\Microsoft.NETCore.App\6.0.3\System.Collections.Concurrent.dllFilesize
241KB
MD557b874e5b99c38b682a74c433141cf21
SHA1704e5eaa1962955efba8390b7659fd9241d2f0ec
SHA256643b41cceb2232584f78ee83abeaea9995dc4339e17960b35f381f8d9ae53450
SHA51219c5a522ba6bfed890a3e4de061d8813c3809852397ac6e8585d88969c410121dc68af1f49cf0ad926cc8a2392c7aed586008b253fe1ee77931a59a17316fa16
-
\Users\Admin\AppData\Roaming\Filestar\dotnetruntime\shared\Microsoft.NETCore.App\6.0.3\System.Collections.dllFilesize
258KB
MD50e84eb681939e3ac44f4b73682135d85
SHA125e786e779eb557bedb5b0d3e9936a9a69cd1846
SHA256e0319a6fc8c7da9ecd44a60503d9da2654aa1b7177b9a91406dc2f71e1de13c3
SHA51227de4e6cfb62e6d08e555e252db23694d34cc367585e96aa83c2865368c0ef758871e6f1dbd5f67ab39ca2337b78c3907602179dff4384ab2075174e0001ec8c
-
\Users\Admin\AppData\Roaming\Filestar\dotnetruntime\shared\Microsoft.NETCore.App\6.0.3\System.ComponentModel.Primitives.dllFilesize
73KB
MD5b702c752fa9fb6a841bf47176a87f803
SHA1a603df01a434ab527e3f11c7f6b421872cda8a44
SHA256e7823d9e2dd9159e3f203a2da4b4cc622a928263f7e551009ae1ecafae1e1699
SHA5124eff5ace6a226f74ff5fc33d8d20c8dbc014cf4e21dba4d170bbbbb74fbf61e34224532773cf261753d2bc65c4f0d5927f909f3ad74ead7518e699e225791daf
-
\Users\Admin\AppData\Roaming\Filestar\dotnetruntime\shared\Microsoft.NETCore.App\6.0.3\System.Linq.dllFilesize
525KB
MD5bf7f629a2413598cfee66263be25e5de
SHA1ba94ecd077ba880cc7b76f7dc5a9a02896c2d15b
SHA25682f89d35a84f8de9363312cec89936d154968a265d46cc01e68b1fa68bde0b77
SHA5125cf6c98bc945812726c03a1beb8e1df1752acdb7027c4e9b7353c30321a97c54bee9d7f891174235632aaa9012a22f858e1b2fc611c969ebbe67de967b249dc0
-
\Users\Admin\AppData\Roaming\Filestar\dotnetruntime\shared\Microsoft.NETCore.App\6.0.3\System.ObjectModel.dllFilesize
89KB
MD5282d4495ac9a1aba8790bbe1a67ba132
SHA1d3f713985f0cd59902a274a32389ee62720b9b43
SHA2563a0ce000db5f70d709cbb8bffca1d01e319ebf2745a619f6ba95beb15f026553
SHA5122ae954760416bfed932a6f6c0ae32869cf80de4e1144d3ab692200007e26f84318adb99607be09a41fad6351fde0dc2cd9869d565eee78d78472c3270c2c3161
-
\Users\Admin\AppData\Roaming\Filestar\dotnetruntime\shared\Microsoft.NETCore.App\6.0.3\System.Private.CoreLib.dllFilesize
10.1MB
MD5879185455e611d24bda7ef5a108e0dee
SHA1d29fcd719fe6554ab25509c8e12bb47e0f3d405a
SHA2561088114a032fb108d8d6e1becf3e5e6de63f102e2dfa3b5bc861fe7bc698472f
SHA5120881826e162416ba586d84ed94f9d92a26cb62937fce54df393572c430a78b309fe631f225d1147484b5d39152f7b013e8a4644320d5bed0dedbc30d57bb1768
-
\Users\Admin\AppData\Roaming\Filestar\dotnetruntime\shared\Microsoft.NETCore.App\6.0.3\System.Runtime.InteropServices.dllFilesize
50KB
MD5bab19d0cf885d55192b1e6a394618ce7
SHA18414c6ad333851ff9a503ffd09b903f6a81293dc
SHA256b6acd73145d7491d3908f93c79308c62d54d1854bdace8a2950ab23140346a06
SHA51263cae438463d7fdfda6b4c05d6a5ac538f5d36be5dd3112c0eef1e08311044427fef5aca31b7d9f6428564eaabb6ca9855790461d2791536fbeb143cd63bfa8c
-
\Users\Admin\AppData\Roaming\Filestar\dotnetruntime\shared\Microsoft.NETCore.App\6.0.3\System.Threading.dllFilesize
77KB
MD5022a8543017d8a94954b481da5710185
SHA18e9a2f2493f031f4d97603a4c6e8dbdf5c2aa103
SHA25611f45946611e6dc0ce3ce897bc518fa87bbfffd8c916a5ebe8fdf4d20778154c
SHA512b9a1567a6fcd8362b43e9a162e7a8c8394a4edbc4767921f9917e60d63c751189fb16db8965ee5d1138ee62ee70ee8593b08b9f4fc4abe3d4f0b7fe8104fb1ce
-
\Users\Admin\AppData\Roaming\Filestar\dotnetruntime\shared\Microsoft.NETCore.App\6.0.3\clrjit.dllFilesize
1.4MB
MD55c84b3607a2f0d68a941768de1039fcf
SHA1858299df8e0f927cca55e32d135ad6e75b145f19
SHA256485ffda975e0b7856040d4689c14797b774c16991d8ebeceb60e1ee84d4e98f1
SHA5120f590a265dc22281533b38d3bbecefdccae57e10d9680055357d4e3c48f01fe47d33c956fdde43be8e7514a543318e22ffefd2ceb0b83b7dd087e9fb74f705eb
-
\Users\Admin\AppData\Roaming\Filestar\dotnetruntime\shared\Microsoft.NETCore.App\6.0.3\coreclr.dllFilesize
4.9MB
MD5780f40bc43b6241ce07cc44054f507a6
SHA19a6194f9a4b73b295d9bed1a644eff402b3256da
SHA256d079840280b152d04132b91c8b620fede520691529f10e4e756aeed8a9953327
SHA512ee4e770de08ff7f8f17eed6095d399176311fadf0eb35cc029563f5ba85c1eeb8df546edeef59a68387772bd258eaf73badd8b3ed5cef41b358c650adba6162e
-
\Users\Admin\AppData\Roaming\Filestar\dotnetruntime\shared\Microsoft.NETCore.App\6.0.3\hostpolicy.dllFilesize
381KB
MD5e6abf192d5420dd6062cfd1284ef7c13
SHA14afa426df5254265b9f7c4b157e3ebeb46cf1f34
SHA256ee5c213d1b9a9be67909b2dace4898c1a836a441177030f349cc79231612cf73
SHA512831c0077809c4f9a20faf1a6b04a6352a83b47d9baa020da6aea4dfdd494bcf8631a23740da290cdf2bf2985a74b5a8fd3bc24b806bf0d19d438aa5fa58705ea
-
memory/5076-116-0x0000000000400000-0x00000000004CD000-memory.dmpFilesize
820KB
-
memory/5076-127-0x0000000000400000-0x00000000004CD000-memory.dmpFilesize
820KB
-
memory/5076-1009-0x0000000000400000-0x00000000004CD000-memory.dmpFilesize
820KB
-
memory/5108-128-0x0000000000400000-0x00000000006EF000-memory.dmpFilesize
2.9MB
-
memory/5108-131-0x00000000007D0000-0x00000000007D1000-memory.dmpFilesize
4KB
-
memory/5108-135-0x0000000000400000-0x00000000006EF000-memory.dmpFilesize
2.9MB
-
memory/5108-121-0x00000000007D0000-0x00000000007D1000-memory.dmpFilesize
4KB
-
memory/5108-644-0x0000000000400000-0x00000000006EF000-memory.dmpFilesize
2.9MB
-
memory/5108-1005-0x0000000000400000-0x00000000006EF000-memory.dmpFilesize
2.9MB
-
memory/5108-916-0x0000000000400000-0x00000000006EF000-memory.dmpFilesize
2.9MB