Analysis Overview
SHA256
7de3842235d0b7bf8bdb816b489adb512f4dc4d2306f37d0c4ecf57ae432794c
Threat Level: Known bad
The file 5f4be5cdf986f7164e129e9969ded010 was found to be: Known bad.
Malicious Activity Summary
MetaSploit
Loads dropped DLL
Executes dropped EXE
Drops file in System32 directory
Suspicious use of SetThreadContext
Unsigned PE
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-01-16 07:21
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-01-16 07:21
Reported
2024-01-16 07:23
Platform
win7-20231215-en
Max time kernel
141s
Max time network
120s
Command Line
Signatures
MetaSploit
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\wmplayer.exe | N/A |
Loads dropped DLL
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\wmplayer.exe | C:\Windows\SysWOW64\wmplayer.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wmplayer.exe | C:\Windows\SysWOW64\wmplayer.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wmplayer.exe | C:\Users\Admin\AppData\Local\Temp\5f4be5cdf986f7164e129e9969ded010.exe | N/A |
| File created | C:\Windows\SysWOW64\wmplayer.exe | C:\Users\Admin\AppData\Local\Temp\5f4be5cdf986f7164e129e9969ded010.exe | N/A |
Suspicious use of SetThreadContext
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\5f4be5cdf986f7164e129e9969ded010.exe
"C:\Users\Admin\AppData\Local\Temp\5f4be5cdf986f7164e129e9969ded010.exe"
C:\Users\Admin\AppData\Local\Temp\5f4be5cdf986f7164e129e9969ded010.exe
C:\Users\Admin\AppData\Local\Temp\5f4be5cdf986f7164e129e9969ded010.exe
C:\Windows\SysWOW64\wmplayer.exe
C:\Windows\system32\wmplayer.exe 496 "C:\Users\Admin\AppData\Local\Temp\5f4be5cdf986f7164e129e9969ded010.exe"
C:\Windows\SysWOW64\wmplayer.exe
C:\Windows\SysWOW64\wmplayer.exe
C:\Windows\SysWOW64\wmplayer.exe
C:\Windows\system32\wmplayer.exe 524 "C:\Windows\SysWOW64\wmplayer.exe"
C:\Windows\SysWOW64\wmplayer.exe
C:\Windows\SysWOW64\wmplayer.exe
C:\Windows\SysWOW64\wmplayer.exe
C:\Windows\system32\wmplayer.exe 524 "C:\Windows\SysWOW64\wmplayer.exe"
C:\Windows\SysWOW64\wmplayer.exe
C:\Windows\SysWOW64\wmplayer.exe
C:\Windows\SysWOW64\wmplayer.exe
C:\Windows\system32\wmplayer.exe 532 "C:\Windows\SysWOW64\wmplayer.exe"
C:\Windows\SysWOW64\wmplayer.exe
C:\Windows\SysWOW64\wmplayer.exe
C:\Windows\SysWOW64\wmplayer.exe
C:\Windows\system32\wmplayer.exe 524 "C:\Windows\SysWOW64\wmplayer.exe"
C:\Windows\SysWOW64\wmplayer.exe
C:\Windows\SysWOW64\wmplayer.exe
C:\Windows\SysWOW64\wmplayer.exe
C:\Windows\system32\wmplayer.exe 536 "C:\Windows\SysWOW64\wmplayer.exe"
C:\Windows\SysWOW64\wmplayer.exe
C:\Windows\SysWOW64\wmplayer.exe
C:\Windows\SysWOW64\wmplayer.exe
C:\Windows\system32\wmplayer.exe 524 "C:\Windows\SysWOW64\wmplayer.exe"
C:\Windows\SysWOW64\wmplayer.exe
C:\Windows\SysWOW64\wmplayer.exe
C:\Windows\SysWOW64\wmplayer.exe
C:\Windows\system32\wmplayer.exe 532 "C:\Windows\SysWOW64\wmplayer.exe"
C:\Windows\SysWOW64\wmplayer.exe
C:\Windows\SysWOW64\wmplayer.exe
C:\Windows\SysWOW64\wmplayer.exe
C:\Windows\system32\wmplayer.exe 524 "C:\Windows\SysWOW64\wmplayer.exe"
C:\Windows\SysWOW64\wmplayer.exe
C:\Windows\SysWOW64\wmplayer.exe
C:\Windows\SysWOW64\wmplayer.exe
C:\Windows\system32\wmplayer.exe 540 "C:\Windows\SysWOW64\wmplayer.exe"
C:\Windows\SysWOW64\wmplayer.exe
C:\Windows\SysWOW64\wmplayer.exe
Network
Files
\Windows\SysWOW64\wmplayer.exe
| MD5 | 5f4be5cdf986f7164e129e9969ded010 |
| SHA1 | bdc9bbfbb4418bdd0d384e731d2ec63fcc59ffa9 |
| SHA256 | 7de3842235d0b7bf8bdb816b489adb512f4dc4d2306f37d0c4ecf57ae432794c |
| SHA512 | fcac8b62d6c3665aa918c55f00adf3f188efb1c37626bd839d7b52473d4f4ecf5ce78d893724834b4b7921329ef3ebbfc09c509ae9122a92c390907b571247b4 |
\Windows\SysWOW64\wmplayer.exe
| MD5 | 904e4e34cc63bb5539926b45e0c30512 |
| SHA1 | 06200ddfdffe002ba1ebadf4afe22e527c93f561 |
| SHA256 | e26f837ef7c451c1f0d114eac752fd0893d797fa81ce325f7fce67680df021c2 |
| SHA512 | 8a7ba3d2859c7159c7ee77d23c82478f4636229932218112b80f3486c297ba67a97b21001c8ec04fb5fd99df43d69dd8bf8a657f07c1d7d21ce7d9a25bd54d64 |
C:\Windows\SysWOW64\wmplayer.exe
| MD5 | b8dc52d7ed6a8d7d025c234466e277d1 |
| SHA1 | dc16b2e49ae2ea2b9ad2614625fe04618e5105b1 |
| SHA256 | 404bdac97706a187e7a376b9f4095bcb53cf8d916cdbea0463660711c76258cc |
| SHA512 | 942b623650d49f09ff8b251f6acff9e56dfe1d65c7864e6157a1b0601fde2fbd1f4dc360b9d3ed7644fb47112a79204b504545609ce003f24b59bf2e2a801513 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-01-16 07:21
Reported
2024-01-16 07:23
Platform
win10v2004-20231222-en
Max time kernel
139s
Max time network
150s
Command Line
Signatures
MetaSploit
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\wmplayer.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\wmplayer.exe | C:\Windows\SysWOW64\wmplayer.exe | N/A |
| File created | C:\Windows\SysWOW64\wmplayer.exe | C:\Windows\SysWOW64\wmplayer.exe | N/A |
| File created | C:\Windows\SysWOW64\wmplayer.exe | C:\Users\Admin\AppData\Local\Temp\5f4be5cdf986f7164e129e9969ded010.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wmplayer.exe | C:\Users\Admin\AppData\Local\Temp\5f4be5cdf986f7164e129e9969ded010.exe | N/A |
Suspicious use of SetThreadContext
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\5f4be5cdf986f7164e129e9969ded010.exe
"C:\Users\Admin\AppData\Local\Temp\5f4be5cdf986f7164e129e9969ded010.exe"
C:\Users\Admin\AppData\Local\Temp\5f4be5cdf986f7164e129e9969ded010.exe
C:\Users\Admin\AppData\Local\Temp\5f4be5cdf986f7164e129e9969ded010.exe
C:\Windows\SysWOW64\wmplayer.exe
C:\Windows\system32\wmplayer.exe 1000 "C:\Users\Admin\AppData\Local\Temp\5f4be5cdf986f7164e129e9969ded010.exe"
C:\Windows\SysWOW64\wmplayer.exe
C:\Windows\SysWOW64\wmplayer.exe
C:\Windows\SysWOW64\wmplayer.exe
C:\Windows\system32\wmplayer.exe 1160 "C:\Windows\SysWOW64\wmplayer.exe"
C:\Windows\SysWOW64\wmplayer.exe
C:\Windows\SysWOW64\wmplayer.exe
C:\Windows\SysWOW64\wmplayer.exe
C:\Windows\system32\wmplayer.exe 1120 "C:\Windows\SysWOW64\wmplayer.exe"
C:\Windows\SysWOW64\wmplayer.exe
C:\Windows\SysWOW64\wmplayer.exe
C:\Windows\SysWOW64\wmplayer.exe
C:\Windows\system32\wmplayer.exe 1124 "C:\Windows\SysWOW64\wmplayer.exe"
C:\Windows\SysWOW64\wmplayer.exe
C:\Windows\SysWOW64\wmplayer.exe
C:\Windows\SysWOW64\wmplayer.exe
C:\Windows\system32\wmplayer.exe 1124 "C:\Windows\SysWOW64\wmplayer.exe"
C:\Windows\SysWOW64\wmplayer.exe
C:\Windows\SysWOW64\wmplayer.exe
C:\Windows\SysWOW64\wmplayer.exe
C:\Windows\system32\wmplayer.exe 1124 "C:\Windows\SysWOW64\wmplayer.exe"
C:\Windows\SysWOW64\wmplayer.exe
C:\Windows\SysWOW64\wmplayer.exe
C:\Windows\SysWOW64\wmplayer.exe
C:\Windows\system32\wmplayer.exe 1120 "C:\Windows\SysWOW64\wmplayer.exe"
C:\Windows\SysWOW64\wmplayer.exe
C:\Windows\SysWOW64\wmplayer.exe
C:\Windows\SysWOW64\wmplayer.exe
C:\Windows\system32\wmplayer.exe 1120 "C:\Windows\SysWOW64\wmplayer.exe"
C:\Windows\SysWOW64\wmplayer.exe
C:\Windows\SysWOW64\wmplayer.exe
C:\Windows\SysWOW64\wmplayer.exe
C:\Windows\system32\wmplayer.exe 1120 "C:\Windows\SysWOW64\wmplayer.exe"
C:\Windows\SysWOW64\wmplayer.exe
C:\Windows\SysWOW64\wmplayer.exe
C:\Windows\SysWOW64\wmplayer.exe
C:\Windows\system32\wmplayer.exe 1120 "C:\Windows\SysWOW64\wmplayer.exe"
C:\Windows\SysWOW64\wmplayer.exe
C:\Windows\SysWOW64\wmplayer.exe
Network
Files
C:\Windows\SysWOW64\wmplayer.exe
| MD5 | 5f4be5cdf986f7164e129e9969ded010 |
| SHA1 | bdc9bbfbb4418bdd0d384e731d2ec63fcc59ffa9 |
| SHA256 | 7de3842235d0b7bf8bdb816b489adb512f4dc4d2306f37d0c4ecf57ae432794c |
| SHA512 | fcac8b62d6c3665aa918c55f00adf3f188efb1c37626bd839d7b52473d4f4ecf5ce78d893724834b4b7921329ef3ebbfc09c509ae9122a92c390907b571247b4 |
C:\Windows\SysWOW64\wmplayer.exe
| MD5 | 317cc731079dba5b72b6cc95183e7eff |
| SHA1 | 905c5fc402dca354115ed11e16b236efe1ba8e19 |
| SHA256 | 2306b6df780429f9680cd7e458a7bbd61497b8b7a985260f658aa9ef5bdb7e17 |
| SHA512 | 17615491a5da39e058ffcf88c71e488502a1ed886b6fcfecde23525490e96b1cd3a9567b3493782d89fa61a47f579cf863a682cf07449d9576a9590f42a94407 |