370a27a30ee57247faddeb1f99a83933247e07c8760a07ed82e451e1cb5e5cdd

Analysis

max time kernel
60s
max time network
39s
platform
windows10-2004_x64
resource
win10v2004-20230703-es
resource tags

arch:x64arch:x86image:win10v2004-20230703-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
28-08-2023 04:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

windirstat1_1_2_setup.exe
Size

630KB
MD5

3abf1c149873e25d4e266225fbf37cbf
SHA1

6fa92dd2ca691c11dfbfc0a239e34369897a7fab
SHA256

370a27a30ee57247faddeb1f99a83933247e07c8760a07ed82e451e1cb5e5cdd
SHA512

b6d9672a580a02299bc370deb1fd99b5ca10ab86456385870cdae522c185ae51f8d390a7c50fcb5c7898523f52c834bb73515ffc6d0b0bcde210640e815ece9e
SSDEEP

12288:yCjeMsiGVBKvjxTNlZaLlcMj+wXZvQpd9nP2+ZMU2tYspZcMwr/GNd35:yCjeTZa7BTsxewXZUTP2HU2yawjY5

Score

7^/10

spyware stealer

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

windirstat.exe

pid process

2732 windirstat.exe
Loads dropped DLL 5 IoCs

Processes:

windirstat1_1_2_setup.exewindirstat.exe

pid process

3756 windirstat1_1_2_setup.exe
3756 windirstat1_1_2_setup.exe
3756 windirstat1_1_2_setup.exe
2732 windirstat.exe
2732 windirstat.exe
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Enumerates connected drives 3 TTPs 2 IoCs
Attempts to read the root path of hard drives other than the default C: drive.

Query Registry
T1012

Peripheral Device Discovery
T1120

System Information Discovery
T1082

Processes:

windirstat.exe

description ioc process

File opened (read-only) \??\D: windirstat.exe
File opened (read-only) \??\F: windirstat.exe

pid	process
2732	windirstat.exe

pid	process
3756	windirstat1_1_2_setup.exe
3756	windirstat1_1_2_setup.exe
3756	windirstat1_1_2_setup.exe
2732	windirstat.exe
2732	windirstat.exe

description	ioc	process
File opened (read-only)	\??\D:	windirstat.exe
File opened (read-only)	\??\F:	windirstat.exe

Drops file in Program Files directory 18 IoCs

Processes:

windirstat1_1_2_setup.exe

description	ioc	process
File created	C:\Program Files (x86)\WinDirStat\wdsr0405.dll	windirstat1_1_2_setup.exe
File created	C:\Program Files (x86)\WinDirStat\wdsr040c.dll	windirstat1_1_2_setup.exe
File created	C:\Program Files (x86)\WinDirStat\wdsr0410.dll	windirstat1_1_2_setup.exe
File created	C:\Program Files (x86)\WinDirStat\wdsr0425.dll	windirstat1_1_2_setup.exe
File created	C:\Program Files (x86)\WinDirStat\windirstat.exe	windirstat1_1_2_setup.exe
File created	C:\Program Files (x86)\WinDirStat\wdsr0407.dll	windirstat1_1_2_setup.exe
File created	C:\Program Files (x86)\WinDirStat\wdsh0407.chm	windirstat1_1_2_setup.exe
File created	C:\Program Files (x86)\WinDirStat\wdsr040a.dll	windirstat1_1_2_setup.exe
File created	C:\Program Files (x86)\WinDirStat\wdsr0413.dll	windirstat1_1_2_setup.exe
File created	C:\Program Files (x86)\WinDirStat\wdsr0415.dll	windirstat1_1_2_setup.exe
File created	C:\Program Files (x86)\WinDirStat\windirstatA.exe	windirstat1_1_2_setup.exe
File created	C:\Program Files (x86)\WinDirStat\Uninstall.exe	windirstat1_1_2_setup.exe
File created	C:\Program Files (x86)\WinDirStat\wdsr040b.dll	windirstat1_1_2_setup.exe
File created	C:\Program Files (x86)\WinDirStat\wdsr040e.dll	windirstat1_1_2_setup.exe
File created	C:\Program Files (x86)\WinDirStat\wdsh040e.chm	windirstat1_1_2_setup.exe
File created	C:\Program Files (x86)\WinDirStat\windirstat.chm	windirstat1_1_2_setup.exe
File created	C:\Program Files (x86)\WinDirStat\wdsr0419.dll	windirstat1_1_2_setup.exe
File created	C:\Program Files (x86)\WinDirStat\wdsh0415.chm	windirstat1_1_2_setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

NSIS installer 1 IoCs

installer

Processes:

resource	yara_rule
C:\Program Files (x86)\WinDirStat\Uninstall.exe	nsis_installer_1

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

windirstat.exe

description	pid	process
Token: SeBackupPrivilege	2732	windirstat.exe
Token: SeBackupPrivilege	2732	windirstat.exe
Token: SeBackupPrivilege	2732	windirstat.exe
Token: SeBackupPrivilege	2732	windirstat.exe
Token: SeBackupPrivilege	2732	windirstat.exe
Token: SeBackupPrivilege	2732	windirstat.exe
Token: SeBackupPrivilege	2732	windirstat.exe
Token: SeBackupPrivilege	2732	windirstat.exe
Token: SeBackupPrivilege	2732	windirstat.exe
Token: SeBackupPrivilege	2732	windirstat.exe
Token: SeBackupPrivilege	2732	windirstat.exe
Token: SeBackupPrivilege	2732	windirstat.exe
Token: SeBackupPrivilege	2732	windirstat.exe
Token: SeBackupPrivilege	2732	windirstat.exe
Token: SeBackupPrivilege	2732	windirstat.exe
Token: SeBackupPrivilege	2732	windirstat.exe
Token: SeBackupPrivilege	2732	windirstat.exe
Token: SeBackupPrivilege	2732	windirstat.exe
Token: SeBackupPrivilege	2732	windirstat.exe
Token: SeBackupPrivilege	2732	windirstat.exe
Token: SeBackupPrivilege	2732	windirstat.exe
Token: SeBackupPrivilege	2732	windirstat.exe
Token: SeBackupPrivilege	2732	windirstat.exe
Token: SeBackupPrivilege	2732	windirstat.exe
Token: SeBackupPrivilege	2732	windirstat.exe
Token: SeBackupPrivilege	2732	windirstat.exe
Token: SeBackupPrivilege	2732	windirstat.exe
Token: SeBackupPrivilege	2732	windirstat.exe
Token: SeBackupPrivilege	2732	windirstat.exe
Token: SeBackupPrivilege	2732	windirstat.exe
Token: SeBackupPrivilege	2732	windirstat.exe
Token: SeBackupPrivilege	2732	windirstat.exe
Token: SeBackupPrivilege	2732	windirstat.exe
Token: SeBackupPrivilege	2732	windirstat.exe
Token: SeBackupPrivilege	2732	windirstat.exe
Token: SeBackupPrivilege	2732	windirstat.exe
Token: SeBackupPrivilege	2732	windirstat.exe
Token: SeBackupPrivilege	2732	windirstat.exe
Token: SeBackupPrivilege	2732	windirstat.exe
Token: SeBackupPrivilege	2732	windirstat.exe
Token: SeBackupPrivilege	2732	windirstat.exe
Token: SeBackupPrivilege	2732	windirstat.exe
Token: SeBackupPrivilege	2732	windirstat.exe
Token: SeBackupPrivilege	2732	windirstat.exe
Token: SeBackupPrivilege	2732	windirstat.exe
Token: SeBackupPrivilege	2732	windirstat.exe
Token: SeBackupPrivilege	2732	windirstat.exe
Token: SeBackupPrivilege	2732	windirstat.exe
Token: SeBackupPrivilege	2732	windirstat.exe
Token: SeBackupPrivilege	2732	windirstat.exe
Token: SeBackupPrivilege	2732	windirstat.exe
Token: SeBackupPrivilege	2732	windirstat.exe
Token: SeBackupPrivilege	2732	windirstat.exe
Token: SeBackupPrivilege	2732	windirstat.exe
Token: SeBackupPrivilege	2732	windirstat.exe
Token: SeBackupPrivilege	2732	windirstat.exe
Token: SeBackupPrivilege	2732	windirstat.exe
Token: SeBackupPrivilege	2732	windirstat.exe
Token: SeBackupPrivilege	2732	windirstat.exe
Token: SeBackupPrivilege	2732	windirstat.exe
Token: SeBackupPrivilege	2732	windirstat.exe
Token: SeBackupPrivilege	2732	windirstat.exe
Token: SeBackupPrivilege	2732	windirstat.exe
Token: SeBackupPrivilege	2732	windirstat.exe

Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

windirstat.exe

pid process

2732 windirstat.exe
2732 windirstat.exe
2732 windirstat.exe
2732 windirstat.exe

pid	process
2732	windirstat.exe
2732	windirstat.exe
2732	windirstat.exe
2732	windirstat.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

windirstat1_1_2_setup.exe

description	pid	process	target process
PID 3756 wrote to memory of 2732	3756	windirstat1_1_2_setup.exe	windirstat.exe
PID 3756 wrote to memory of 2732	3756	windirstat1_1_2_setup.exe	windirstat.exe
PID 3756 wrote to memory of 2732	3756	windirstat1_1_2_setup.exe	windirstat.exe

C:\Users\Admin\AppData\Local\Temp\windirstat1_1_2_setup.exe
"C:\Users\Admin\AppData\Local\Temp\windirstat1_1_2_setup.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:3756

C:\Program Files (x86)\WinDirStat\windirstat.exe
"C:\Program Files (x86)\WinDirStat\windirstat.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2732

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\WinDirStat\Uninstall.exe
Filesize
46KB

MD5
a127e6118b9dd2f9d5a7cc4d697a0105

SHA1
9ac17d4dcf0884ceafacf10c42209c0942dfe7a8

SHA256
afc864cfce79b2a6add491a27ea672d958233ed7a97a2cbbce60100d2fa1e670

SHA512
0e57d2856c02c55d477d9b3cc1d4bf5ffa3650d4b20be18b0a9e614d19143aee325c4cd92ff31bbddf6e93cd3ebeb47d8727de6e25faa366341cc71117122065

Download Submit
C:\Program Files (x86)\WinDirStat\wdsh0407.chm
Filesize
54KB

MD5
64aa305e920630d0f813691f4187c496

SHA1
4bbc9397c16de7cd9869252632fe038b8f8ad384

SHA256
181a23a56b7649d5e1c882786de531fedfb9e80a58c96ad92871f72a626eac14

SHA512
fde86a9a5b55756371af0d4bbb7a0b542b9765503657368540a651d153f84359fdb75522331b7672a0c242c107765e5c0ce717f60b18ff8b1bd2ef5aee44351d

Download Submit
C:\Program Files (x86)\WinDirStat\wdsh040e.chm
Filesize
57KB

MD5
bc90b966e06c5c20486815809606c77d

SHA1
12d7ba627d77187c1a41b552ab3c6556ba4a4823

SHA256
8e54bc2dd576d4bfe241e37305a525d80fd9839ed0de2e34abedf49c7f23f5cf

SHA512
26047532e3d6c495dc6a7b0c8d0479018227c189f1c0228ea83a209b5422ac88188c9e9cb7422ec02fc8c9dbc0ac3ce2588a62d8648fde616b9cd61b85a155b9

Download Submit
C:\Program Files (x86)\WinDirStat\wdsh0415.chm
Filesize
55KB

MD5
de97a75cfa6d6cbf91ba68c0c90695c1

SHA1
5932fd0fadb6ef284605e2410b5045dcc131ac93

SHA256
bab7db85927f846a6ac584d5fc3fb522e812fc1e505e333728f85efd16b50238

SHA512
7714be7430c309d2b63dfd1e90446925f417ee500b06350f595d43b9c0db121339151ea7e0440922dd6c11534e23572da3d2c9d31dc21c808a8a840ec8e0f172

Download Submit
C:\Program Files (x86)\WinDirStat\wdsr0405.dll
Filesize
56KB

MD5
8eee4f1cde4b0cfd0365456040e05364

SHA1
b38200f4a3af27a59ec08fde2c6aaac4727dffbf

SHA256
7463df064c98cdb501b2310dcac878f9210a303d50d79431152e3031ae1a224a

SHA512
17da577977c6766dc56ee08726ae77f4cbbf83da1037c976d8ca36c7149bee56fd691ab735fc4a12721d86860fddc39ff99bb74aa515de96bd2da0596fbd33ab

Download Submit
C:\Program Files (x86)\WinDirStat\wdsr0407.dll
Filesize
60KB

MD5
619767bb217f6d1754e018926753e89f

SHA1
cb731df1d74ceec090cb55fb76e9dfd6e4337400

SHA256
7867b69c5deff7f949e58eb3ff1b266e66ad3fd252c52334927114e7c53ce27b

SHA512
8bb7c717206a3b86bf4c5d46d0a838373ae557708040656f9c2cb47db5f38165bb9160545d2f6d9200b9ff59160292f88044abd997bcc01e46b40a4dcf58318a

Download Submit
C:\Program Files (x86)\WinDirStat\wdsr040a.dll
Filesize
60KB

MD5
cf69ec4f622ab3efc0d59c94c7861d3c

SHA1
8baa748295cb941e1693e4c2a298343fbfc5c048

SHA256
75ca96992380e5b8e323310a01c8a68805ad76223197d2bdaecc03817d233dea

SHA512
dcc99395fed596e6ef7a959731254093e73fa006a14b0ecbe6f780a9d8236428d9e90024e016d5f1bdbf323e1fe01ffa3727c9d09a8666ef2745dc56462ed6cf

Download Submit
C:\Program Files (x86)\WinDirStat\wdsr040a.dll
Filesize
60KB

MD5
cf69ec4f622ab3efc0d59c94c7861d3c

SHA1
8baa748295cb941e1693e4c2a298343fbfc5c048

SHA256
75ca96992380e5b8e323310a01c8a68805ad76223197d2bdaecc03817d233dea

SHA512
dcc99395fed596e6ef7a959731254093e73fa006a14b0ecbe6f780a9d8236428d9e90024e016d5f1bdbf323e1fe01ffa3727c9d09a8666ef2745dc56462ed6cf

Download Submit
C:\Program Files (x86)\WinDirStat\wdsr040a.dll
Filesize
60KB

MD5
cf69ec4f622ab3efc0d59c94c7861d3c

SHA1
8baa748295cb941e1693e4c2a298343fbfc5c048

SHA256
75ca96992380e5b8e323310a01c8a68805ad76223197d2bdaecc03817d233dea

SHA512
dcc99395fed596e6ef7a959731254093e73fa006a14b0ecbe6f780a9d8236428d9e90024e016d5f1bdbf323e1fe01ffa3727c9d09a8666ef2745dc56462ed6cf

Download Submit
C:\Program Files (x86)\WinDirStat\wdsr040b.dll
Filesize
56KB

MD5
4a5a97171af49b09f1c68ba7a9bdae34

SHA1
a6ed7e9ed8a4d9b462378571346fba1d40f1c75a

SHA256
d7fb9404282ca467e0f3e80734a388885c219269d3e9ee78bb66ee9201803ae4

SHA512
51a0f250cbd115f532970a291ef477de89cff786df28ee8729d35f68c8cb0f018a58e9edbaf758ff11172b68952f8fe3b74ff8ca6e8e62a482712126ddd40323

Download Submit
C:\Program Files (x86)\WinDirStat\wdsr040c.dll
Filesize
60KB

MD5
ed8a32ce3b4edbd63b6ed2b6d5ff5d5a

SHA1
ebb687857dff99fecc532e254445a8f3abb89e6c

SHA256
acd0c6b92acb5793a94e820c4d418bd6114c97fe2b9788de73879b8bf220a717

SHA512
8b3d9a9d0c684c4b1563abf9c65e511e0b42ac0161e9d4ea811fbee2beed05ece24450f4c997294ebb8330f2ead6688041c8ba528889205ec93ffb50fc8671e9

Download Submit
C:\Program Files (x86)\WinDirStat\wdsr040e.dll
Filesize
60KB

MD5
08b9dbd8b49783f4d04f9ed4b1ecefa7

SHA1
76852aae0722e20e21e67b2fb27f2ff70d5a1f87

SHA256
3bb682f3088fac19c4d53b3766a3793630ea19d2be33cb0f26f7f9e5972dc221

SHA512
429201eef6b9c40d3330345ce2765e8038f488d90bcbf2b315d365f370d00ba2be7b245492b42dadbc220ce464f9b64b1985d4f958e4c9d26aacbd8b854b9c0b

Download Submit
C:\Program Files (x86)\WinDirStat\wdsr0410.dll
Filesize
60KB

MD5
fc6f4868c21cc2b2c58882b3956462c5

SHA1
2aceeaa4bd9557880cffa3603cd25c51e9ce5a1c

SHA256
e9c30274fcdeaa43acaeba3eac86628107ef60dbea723ececa97008b80f40fba

SHA512
34990a37f943a3953cc638ba56cd6251f2609eb3b5befa11c888b1d1902ae3724b6e8141706caa616b63245ce9dd75fa3ff2bb63d6e2f53a496692e280647ffe

Download Submit
C:\Program Files (x86)\WinDirStat\wdsr0413.dll
Filesize
60KB

MD5
7d7e18f5cdeb3502e9e7aefb49b2aec2

SHA1
e5e3f4ca6105546e0ed3d057680fca9c07317ab4

SHA256
b76f0d27ee66d4bdeb0b12ca7ef8773a563d57a0167ecf151c74837209a86e0c

SHA512
b19a2f273ded1596b9684c50d6261631256ca6666160beabf4abb607845a9d0e743cb98906ab80f99d595c92c80ffccdd7397922bc084e05d91d38879836734b

Download Submit
C:\Program Files (x86)\WinDirStat\wdsr0415.dll
Filesize
60KB

MD5
b42cd5ebbc8170865a6d1375044aaaac

SHA1
95ede895c956e97b9be0295066cc671e3e69be06

SHA256
f47cdc2d1ff1c77e3f4e008862d2cf632dc3db5145fa6d2886a0d066c0811eb9

SHA512
33a4910e17a64446cdfc95145c0a347e4d541f9d88c082eedaf672f4e1cf208ab43ce267d9cf9733d49c4373610e9ac84a4cc96ce71be742868d04bc9d8fdce3

Download Submit
C:\Program Files (x86)\WinDirStat\wdsr0419.dll
Filesize
60KB

MD5
4b8486682deabddcffbb4bea3e38c4ff

SHA1
bc006cf4eb5e5f39be1d824de9eb17de433506c2

SHA256
43b0d07767c8fb8aadcaa976bec7f748bbc2591085feb500eb1a453ccd4b982f

SHA512
14a6cbfe32854ea263f02fa8494ab5499acae0ffa32b77dec24bfc9f96e91a8772297a2e538f3504f81e9ac6336b9b66c075b76e16207d08e25126e9d7260d8e

Download Submit
C:\Program Files (x86)\WinDirStat\wdsr0425.dll
Filesize
56KB

MD5
d8e5d81fdaa2524ecf7d1233e2f7b4af

SHA1
d40835cc04730d6fd510fe2ab7bdbfa8cb20c31f

SHA256
7ff8234e53b3c7328b179fd6a7223eebea8f73802afaf7fb06ee9ca2b279b8e7

SHA512
c0e1c81bbae262c4596017123d8bc9a66e31a213ef9f3aeb5594a22d087d8ff1dcd0d8f4fcce114c69ccff499f850b9f4938218762e44a3ba99626092d7b3d70

Download Submit
C:\Program Files (x86)\WinDirStat\windirstat.chm
Filesize
50KB

MD5
1bddb8a0e0f9cd90a5b3936ec2c2c4cf

SHA1
c8302168fb532fe03e76cb8a82aa53b49ee0bc44

SHA256
1e87c07744054709d271337d8ce06929429b334d70875605cb68ecc4c6610cd1

SHA512
b857de9026b3eab13f4dbc464e6403835e3a61e5e9e3566735bf1ddd8dedc4ecf08807b27207bd8b385250b71ea234b301dd49e6f3c90f1270ae03868c035472

Download Submit
C:\Program Files (x86)\WinDirStat\windirstat.exe
Filesize
636KB

MD5
24cd9a82fcfc658dd3ae7ba25c958ffb

SHA1
26e14a532e1e050eb20755a0b7a5fea99dd80588

SHA256
cc3ee246f2710dc9ba9e2a88e3192b88f1db4caa2eefb8641642a33df04e585c

SHA512
4de675be1f7d618d133ef24765a027840473e0c5bc93550d5e5fdbf078edc74c2241e6e3cd8753517e2954c7f09b9909028de7b727294d723fb5700658c7979d

Download Submit
C:\Program Files (x86)\WinDirStat\windirstat.exe
Filesize
636KB

MD5
24cd9a82fcfc658dd3ae7ba25c958ffb

SHA1
26e14a532e1e050eb20755a0b7a5fea99dd80588

SHA256
cc3ee246f2710dc9ba9e2a88e3192b88f1db4caa2eefb8641642a33df04e585c

SHA512
4de675be1f7d618d133ef24765a027840473e0c5bc93550d5e5fdbf078edc74c2241e6e3cd8753517e2954c7f09b9909028de7b727294d723fb5700658c7979d

Download Submit
C:\Program Files (x86)\WinDirStat\windirstat.exe
Filesize
636KB

MD5
24cd9a82fcfc658dd3ae7ba25c958ffb

SHA1
26e14a532e1e050eb20755a0b7a5fea99dd80588

SHA256
cc3ee246f2710dc9ba9e2a88e3192b88f1db4caa2eefb8641642a33df04e585c

SHA512
4de675be1f7d618d133ef24765a027840473e0c5bc93550d5e5fdbf078edc74c2241e6e3cd8753517e2954c7f09b9909028de7b727294d723fb5700658c7979d

Download Submit
C:\Program Files (x86)\WinDirStat\windirstatA.exe
Filesize
632KB

MD5
3f3dd4476249ae664e3365e5bb651601

SHA1
752e1687d58de3bef927d9ad24c0ed3da3754e17

SHA256
f12d0929055567eee4b5842b7e59c34585a03191447de682dc729ad19aa2314f

SHA512
c9d38fa61fac0f48e8c2bc319c87df31f1ee49e8bc383ce348042480e1f0d0c28f198fbfa8cb6dd62f5767ae51ce8e67a7f527213fe1043987add465f1ba97df

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz1181.tmp\InstallOptions.dll
Filesize
14KB

MD5
9b2ad0546fd834c01a3bdcbfbc95da7d

SHA1
4f92f5a6b269d969ba3340f1c1978d337992a62c

SHA256
7e08cb4ff81dbb0573c672301681e31b2042682e9a2204673f811455f823dd37

SHA512
5b374fe7cc8d6ff8b93cfcc8deae23f2313f8240c998d04d3e65c196b33c7d36a33930ffd481cdd6d30aa4c73dd2a1c6fe43791e9bf10bd71b33321a8e71c6b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz1181.tmp\InstallOptions.dll
Filesize
14KB

MD5
9b2ad0546fd834c01a3bdcbfbc95da7d

SHA1
4f92f5a6b269d969ba3340f1c1978d337992a62c

SHA256
7e08cb4ff81dbb0573c672301681e31b2042682e9a2204673f811455f823dd37

SHA512
5b374fe7cc8d6ff8b93cfcc8deae23f2313f8240c998d04d3e65c196b33c7d36a33930ffd481cdd6d30aa4c73dd2a1c6fe43791e9bf10bd71b33321a8e71c6b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz1181.tmp\System.dll
Filesize
10KB

MD5
4125926391466fdbe8a4730f2374b033

SHA1
fdd23034ada72d2537939ac6755d7f7c0e9b3f0e

SHA256
6692bd93bcd04146831652780c1170da79aa3784c3c070d95fb1580e339de6c5

SHA512
32a1cf96842454b3c3641316ee39051ae024bdce9e88ac236eadad531f2c0a08d46b77d525f7d994c9a5af4cc9a391d30ee92b9ec782b7fb9a42c76f0f52a008

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz1181.tmp\System.dll
Filesize
10KB

MD5
4125926391466fdbe8a4730f2374b033

SHA1
fdd23034ada72d2537939ac6755d7f7c0e9b3f0e

SHA256
6692bd93bcd04146831652780c1170da79aa3784c3c070d95fb1580e339de6c5

SHA512
32a1cf96842454b3c3641316ee39051ae024bdce9e88ac236eadad531f2c0a08d46b77d525f7d994c9a5af4cc9a391d30ee92b9ec782b7fb9a42c76f0f52a008

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz1181.tmp\System.dll
Filesize
10KB

MD5
4125926391466fdbe8a4730f2374b033

SHA1
fdd23034ada72d2537939ac6755d7f7c0e9b3f0e

SHA256
6692bd93bcd04146831652780c1170da79aa3784c3c070d95fb1580e339de6c5

SHA512
32a1cf96842454b3c3641316ee39051ae024bdce9e88ac236eadad531f2c0a08d46b77d525f7d994c9a5af4cc9a391d30ee92b9ec782b7fb9a42c76f0f52a008

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz1181.tmp\ioSpecial.ini
Filesize
799B

MD5
91c78c04dbeb74f99e2a41f52e51a80c

SHA1
6e2fe4f78646b3c383f490972266fec15e1a6cab

SHA256
729bbbc6ec9102443628f1cdd369584377408928b8d1d90289f3060589e352d4

SHA512
d9dd1927ce0b9476cfea0fa04ba8c37f55786250bae160085a24b3751d316776c288fffa893d2833364ee162e3e4807014160538e6af79b08b6bc48914bf5023

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz1181.tmp\ioSpecial.ini
Filesize
725B

MD5
6d2b819f297822fcf0c190d1e86838bb

SHA1
30861eec340fce2b36234b99c124100714a68266

SHA256
beff18a6cfa451d5df94134d9d4f2baebe1c95467eeef2ee6500907054d37a59

SHA512
89e3961084d3488f2a35429447b5de921f61150874932874a9c68a929d70a65aae336cae7c65ddf82ad81c71beb3ae342c0396ec0aeafd278a4c87e9b0a89428

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat\Help (DEU).lnk
Filesize
1KB

MD5
b815aa86d121f7f02b303f4c10beb6a9

SHA1
b720193e998a248ecf5083533205c37f32479d08

SHA256
9086f76c08ebcff1cbea662994bcb178d2af6f83b9d45fa4e5aa63530155785e

SHA512
66947c28538d0e87a2fc7aea9ced3fedb00215007e9c61a64eb96580c3ce9251378e96668f6edf4b507b2ab2d19ab9993702d0413daea4ea98af9b6efe62f9c4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat\Help (ENG).lnk
Filesize
1KB

MD5
9707258dcb7ff770cd6a3d06707246c1

SHA1
bb6fd93cc06811be68be70bb15d76510a13c14d0

SHA256
0b88b4a7ab08046625302935aab5d35b4f8d9ba159398e7ce6ec354830f0b265

SHA512
c1117261011f00284c035d236a77f2b5d01664cd9cd90f6382c6b6aad90a7c33ecdf10709feab425d88acde8104ff2069362254a19d76311f3a30e3ac0065d53

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat\Help (HUN).lnk
Filesize
1KB

MD5
d5ca5df4231a773fc170397b36859c60

SHA1
4db697efe402c22435e8cf8b455b57ef6c495dff

SHA256
73cc3b162a6cff4849b92663b83869d22805f203aa776d790bcdc925f7f5cbe3

SHA512
5e9b5131ff1f69cc0c22b6e93c568cf320f3c314cfd306205268ba922a2891bfeed28142a4469e08a2c74cfa7752f5bda88cb83948601d3df407fd0f3918f69f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat\Help (PLK).lnk
Filesize
1KB

MD5
50c356ba691ce421b23215d8865378ca

SHA1
b07f5b1b32d5d97faac464ad495dcaf871f8acae

SHA256
6d8f569092fb035982af64158aa53ec4e06c3feb7d7b07594aa445f82ef42521

SHA512
3950ed5380036069adf2f80c2a23bd49a620d852b7aa889ec85519f2c79630927029e0e1fc84104f379e5be765c0630fc6cad3b08b86b7dd14593f8ec7049641

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat\Uninstall WinDirStat.lnk
Filesize
1KB

MD5
c63e26e9d2d50179ba30e56fcf5fe833

SHA1
95b23b024ca939d1e57b1f5c7812ab302dd1b04b

SHA256
d854ae77f1b79dea553aa6a9514711311a55e5d957e5b2a6dec1b326d9e7578d

SHA512
a43d749a9d5c110496aed55a1d60162f8bc4beb06f2fcf28ccefd48e97dd06ac2a11c160c713873cdbea5a78bb6a0875fb69486fce8a9c1772121f11d3d01e0f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat\WinDirStat (ANSI).lnk
Filesize
1KB

MD5
525bafc724c15c491f017c9e12523c00

SHA1
05b5f20d9224689d653253e15800713970ecaa9e

SHA256
a22a1316b1111fd7151b84e0ccd0b40f442f43d65a94a7239aa5b747b5e1d2f4

SHA512
317ad72567329d29668c93b15c6025126c8afe0e037bfd4a72c9665dfb9c194bd2e75559f2950a047a784609a49570b8e93cfbbbac2d9c9b520c923b9a04f7c4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat\WinDirStat (Unicode).lnk
Filesize
1KB

MD5
ca26c619c977ac99c55141c58c483eac

SHA1
5778f9adbdf010f7700089bba395d1dd561eee50

SHA256
bfd14a77d395ee1db9dace917e2e39d39550a8aeda48cd876c8a0b63d32084e7

SHA512
c059139d3af73c79b34253eb366ffb676040411a7b5a073239aaaff9cb17c8ce90608c2f2f03e29abb5a22098b498a806cd2871b1f2813f423005d3468b4fbaa

Download Submit
C:\Users\Admin\Desktop\WinDirStat.lnk
Filesize
1KB

MD5
1fe0e93c27f18a31ff6666b1bb556b9d

SHA1
181b524894b4b763906837ca0d44f9e08c1f10e8

SHA256
79fc8499df37dec6b5361b369e9beaba171a8f5ce39620edaf85dee1d7532ff2

SHA512
b939aa61cdfc8f41f8552e06641508595f65c39170b266c3cca348bbeb3ef7075b4249164bd752c163a416a12409b45ffe68b40a25c47efca3c9b285838f5433

Download Submit