Analysis
-
max time kernel
263s -
max time network
259s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
19-05-2024 21:13
General
-
Target
Application664a6b82cf275.zip
-
Size
72.8MB
-
MD5
6f7a65d8cc1d73d6377b7796e5aaf3c7
-
SHA1
8481c8d4b7dfafe086ac85b1cdc1222034fa0b11
-
SHA256
4bc48b44a70845b1d9667fb7182f8fef848b821a9dbcff1c1de0cc9fc85bf2ed
-
SHA512
b9ea40abdb98e75b48878fe8f14bdb93a7959efdb4f105e19f63a7686886477366dc01d309ab54247705d0911ab3c47be78cb6bc4e51d10066605bc77ca87a86
-
SSDEEP
1572864:mTW0tA7ochJ2Kufe5YDIoBxeb/weegXjmCGnnvzew62iZf35M+AL2FGIq1UkP:mTW0C77XbX5Ykobe0ezXjXcv363K+SP
Malware Config
Extracted
stealc
default
http://147.45.47.71
-
url_path
/eb6f29c6a60b3865.php
Signatures
-
Locky
Ransomware strain released in 2016, with advanced features like anti-analysis.
-
Stealc
Stealc is an infostealer written in C++.
-
Downloads MZ/PE file
-
Executes dropped EXE 3 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 6 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
-
Suspicious use of AdjustPrivilegeToken 6 IoCs
-
Suspicious use of FindShellTrayWindow 28 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Windows\Explorer.exeC:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\Application664a6b82cf275.zip1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Program Files\7-Zip\7zFM.exe"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Application664a6b82cf275.zip"1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
C:\Users\Admin\Desktop\setup.exe"C:\Users\Admin\Desktop\setup.exe"1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\CdEWFEWfeSgreWdw\BWPNVJNXJU.exeC:\CdEWFEWfeSgreWdw\BWPNVJNXJU.exe2⤵
- Executes dropped EXE
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=UZfBnXM8WuY2⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa1aa146f8,0x7ffa1aa14708,0x7ffa1aa147183⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,6394546712808452100,2750553450630983240,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:23⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2200,6394546712808452100,2750553450630983240,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2200,6394546712808452100,2750553450630983240,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,6394546712808452100,2750553450630983240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,6394546712808452100,2750553450630983240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,6394546712808452100,2750553450630983240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,6394546712808452100,2750553450630983240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2200,6394546712808452100,2750553450630983240,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3532 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,6394546712808452100,2750553450630983240,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5732 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,6394546712808452100,2750553450630983240,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5732 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,6394546712808452100,2750553450630983240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,6394546712808452100,2750553450630983240,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,6394546712808452100,2750553450630983240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3604 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,6394546712808452100,2750553450630983240,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:13⤵
-
C:\Users\Admin\Desktop\lic.exe"C:\Users\Admin\Desktop\lic.exe"1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x2c0 0x4501⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\CdEWFEWfeSgreWdw\BWPNVJNXJU.exeFilesize
368KB
MD5d761ddd6b9e6480cf437df01d07ba26d
SHA10dcf98e4cf56e2f182d9a80bf1f5b82ba675ae38
SHA2565454cc245b35a3c1c6306965777c8bd88cfed4568b9b7e60830e33ff4bb4a2f9
SHA5121d976a4136f83c5c294ca4b224977fdcc5a276efb58412b84459ecc832f623eeac47f94bed9ef4eb89d3d5a9e5632034b1699807bb998953171edcb0adcd304c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5439b5e04ca18c7fb02cf406e6eb24167
SHA1e0c5bb6216903934726e3570b7d63295b9d28987
SHA256247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654
SHA512d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5a8e767fd33edd97d306efb6905f93252
SHA1a6f80ace2b57599f64b0ae3c7381f34e9456f9d3
SHA256c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb
SHA51207b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
528B
MD5c144fe8af8cce80f0b53b0565dc966c7
SHA1d4d5fba8fbfb61dae38caad0120c75d396e791e6
SHA25604d8b79fee07bc6a244b9aa1373b0c26df8cbd1af65d87f0274065be90761159
SHA5121b33289f5055fcff54256a924bc6710b5f4b0d53f78b3db271fd313402379c85f33255374a5b045a5fa6648a3a54828a48cc33904b0bf143f003fa8580de273d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
2KB
MD5fcad74c6a99e56567b145a0690883255
SHA1bea729a7b40bcef7178b160c0f419c235df82974
SHA256c8273c2e6fad75ffe9d30c77bb400abbde09966b194ae8a7a3d954deabd5397b
SHA5120e7148cb059f2d823eb3c1fbe359b4a2bd8c8621f671769479bf97d7df8a9207ee1963da3fad04a79fcb9559a725736f5527b591b01fff88aa58b94f6a35b5b3
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
5KB
MD55838d03e4335627051aec150a93064d8
SHA19873c544a1ffa327de61cd8e16c59f3434d1480b
SHA2569ed1d26a0bfb41765922255e16d2555c8cfc8f82e4a49c4e7e02210ecc2f3ca2
SHA512fd51978ff2900b85fc7a3b7366a8cb4d34843b85404af6a9a0aa23f51c644e50c915ae6301c7abffadc76c3c7c6fbcf5723259d1bf5ef4fa464cc6262fec1d84
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5f230a59fec6211969c81b13743961cce
SHA16af8f0103535728d3b5eae4324c3237313fc82d2
SHA256ddf5e14526f1534a4b6ebc9ab9818bc3758aa56cc01576520e51e8ab6fb5cc43
SHA512069d74597e3867246e5dc7a1442533de7bec1e7080d22168d9553f1e1c2ba680ffb74fb8ef11b4378dc8a24dbf4150319c396f1b3a6abdfdfe41051366d65841
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\3269fd01-3226-4a85-ad8a-11ebf7d401d1\index-dir\the-real-indexFilesize
2KB
MD5f07905cdcabecaa7b91b07bb9c980966
SHA1351965a2ce8c190e1a68b94f7b8367c587863167
SHA256e57300d3f610ebe1a6a1c8c40c6704a890f1ed1c24e1d98da470ecddfa14330e
SHA51261082fc6cb40bb1610e87d74a3cacf76f703006868d0eca531809f6ed8a11708a6f550afdfd340dad08f0d4fc6bf98cb9aefb47002926f599317ef2804ef8c61
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\3269fd01-3226-4a85-ad8a-11ebf7d401d1\index-dir\the-real-index~RFe5aa970.TMPFilesize
48B
MD5d1ae358fad5838439560f5fefd411b55
SHA1545faaedc5724bf0faad24aa14ade06ed840ade2
SHA25600cb4edf0d42310ad25bf5d48f9ccd5731580b0c4528983fc4a0da7343525eaf
SHA512476ca172b5df46db07bac9b61180ac293c839acd73cd2093be88bf6d7f5a99ae96339b61c5f42e5aeb514e5ee7a0a4fdf96b5f605994824899ae8efc9abc1c6d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txtFilesize
89B
MD5369edebdf4c336b4b9dfe42e1d9821a8
SHA133ae83aa7c0ac44cc199fedbc6d54fe0d9fa8ad9
SHA256ac30de4749bf6fe61b334e5a480bd98a1e4c6eb505d85bf28b6a78613699745b
SHA512b16fa5baf01fa65e850a7dcd5b0c86b50c25528d70cfa5177ed70e6fe596c74b72c5e3cd90e8dc2c3d0ba6e9e645080b525ea60774f33603c879aac476a5f38b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txtFilesize
146B
MD58a469aab50d82d56564f021f59b550a6
SHA1bb62ae29bd70ad42ca0af7e1db8ba47f682cd763
SHA256189f1058a4651bab790498d2ebd3dced735fe6ea9759ae428eed8a0cd4f72db1
SHA51287a66e593ceff174ad9240166202b8d6b8cc489427668e226e77061e33cd607f1cfa175ecaa4df487824328612327d20e274ba0cb81b7040744b1eac15d37c03
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txtFilesize
84B
MD5533c818638035c771f34f82631d36cc8
SHA1e078f9b95fa583ffcea528d63fe1bf242fb52183
SHA256602f8626bd55884324f2ed80abcddf16400ae55d088db5496aa65568ab205b8b
SHA5125256561bbde4d3456185f5e26d339b8db2c0a3e468f981dc7523642711f591c0f00a50d586ba36a1c7b2c21d14d29ad9729d5a88f0dcf29016568334c2653693
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txtFilesize
82B
MD58fcada2512f40e1a78fac912e6de49cb
SHA1fbdc8ef9f7fda3e7a7a6b2b1e08e88acd53e206b
SHA256eaa6be246cd58dc93fe406c2bde2e1765db31cb113fd7b486c5cda9e8cb5ee57
SHA5124af0da7292774b7df49a5b9377b95d7071216f6464823c5480747093d28b342566eccbe83ce86dc3a82e09ef05b6043d1be94ccd01850dfbea9ba9d08b6fb2c5
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENTFilesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-indexFilesize
72B
MD5f43b5dc2658247e11740460a68bf65b7
SHA1c8b503511f3a0be6607c5d38d0d6cfdcb9d170fa
SHA2569a1de6e15c0dfab47ecf6bc0bcbfb5cc081c6e77ae7c8f87115e1a4635c5ced3
SHA5123d2c2db5597e62d9f092007d026216e42fbbdf559198ad818030a9ecf291651909c381fd9a50929c4fdbcc1ae98d58cd77ce2dc4d42acf1e52527a278dad3657
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5a9f7d.TMPFilesize
48B
MD5c16f1166af9e2e4f4a94afa382b38133
SHA1e601a0df027b6be21086b3cea86aaa07ac7ed4fd
SHA2561771d957b102c7de3e8b75e350d2b466c1fa4e0004e1986d1d4a20d1ffa84ca7
SHA5122979910484ce273a48fd35217f7aaff3665cb0b88d39ba74cbc64e694ce51d9ccdfe53ac50194ad27ba609e2eeb2c2964f2156a19b79669cd0afab522799fdc8
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD587f1a45c181c3acd0ce652a312f51f45
SHA1c73a8f2eca6ec6e8d29c8ec3c3dc0b319a0ee8c4
SHA25695c3163f6b154f78e76562e87bf4bfc89c6108860ec8331c1fc7e77ff0258fa7
SHA5121f22468e7804f4bf20472e8cd9318de0c402a800cd29da8def2830de1d00e35895f6a79245051824e3de545fab54e68f5321180bb0503f05874418b19f1bf28a
-
C:\Users\Admin\Desktop\data\data.datFilesize
1.2MB
MD5f2d3bcb9a38dfa4a90daccb9ca2a3b54
SHA17867f9902cd17d7af4e6a671a6e50c3dfd3ef9ad
SHA256f073ec203af3d6f8aeddcd8e0c2cc003009224fc3b3c5545eb3add89bcab0890
SHA512c3411d08305b6c46cfb1d1faa5e280e3a202859c54b2f4fa8383544085d8a13ec6ba2ff31bc8ba7719152ec5de9e03bc8170e73b04b9a76b54c9136ac8fe9186
-
C:\Users\Admin\Desktop\data\program.PNGFilesize
696KB
MD5a3d4494188555fd642820346806fd1d8
SHA153a37fb21d1fdc91cdea14721eeecac83cc2825c
SHA256ace20dad2b8ef82a5f8674afc8e9ca05f5f3f63efc798d66b43eb7124dc802ca
SHA512a4265bf8fb50fbdb1b13b3d03126b2ec354cbd4c0ee9baa51911700e1be73753f549b1a8cdace269b674afaab04b03f545a2a383f3fd8a0b7898b8498a4a25e4
-
C:\Users\Admin\Desktop\lic.exeFilesize
3.9MB
MD51e2d2f3f618279ed722045f6342793f6
SHA14b80a65885b4eb69fd6e240db592a8da8d7ad334
SHA256400a80b5166f7ad96f834fecea54ba07244ef90a40a9878ecf843c3e140f304c
SHA512dcec0fc10ba64fa47ea005fd9edc4b0396d613daba5723054e960766a3fa87b4dab06c522b200ab13dc135006f3f7adbb44c43c93fa9f0b2564c6d034dd41143
-
\??\pipe\LOCAL\crashpad_1960_IGBXYGQCIRIXXEDDMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/1324-122-0x0000000000D60000-0x00000000034F0000-memory.dmpFilesize
39.6MB
-
memory/1324-117-0x0000000000D60000-0x00000000034F0000-memory.dmpFilesize
39.6MB
-
memory/1324-119-0x0000000000D60000-0x00000000034F0000-memory.dmpFilesize
39.6MB
-
memory/1324-136-0x0000000000D60000-0x00000000034F0000-memory.dmpFilesize
39.6MB
-
memory/1324-115-0x0000000000D60000-0x00000000034F0000-memory.dmpFilesize
39.6MB
-
memory/1324-103-0x0000000000D60000-0x00000000034F0000-memory.dmpFilesize
39.6MB
-
memory/1324-124-0x0000000000D60000-0x00000000034F0000-memory.dmpFilesize
39.6MB
-
memory/1324-100-0x0000000000D60000-0x00000000034F0000-memory.dmpFilesize
39.6MB
-
memory/2396-114-0x0000000000400000-0x00000000007FB000-memory.dmpFilesize
4.0MB
-
memory/2396-148-0x0000000000400000-0x00000000007FB000-memory.dmpFilesize
4.0MB
-
memory/3964-113-0x00000000009D0000-0x0000000000C0B000-memory.dmpFilesize
2.2MB
-
memory/3964-108-0x00000000009D0000-0x0000000000C0B000-memory.dmpFilesize
2.2MB
