Analysis
-
max time kernel
1557s -
max time network
1345s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
-
submitted
18-07-2024 14:09
General
-
Target
file.ps1
-
Size
1B
-
MD5
7215ee9c7d9dc229d2921a40e899ec5f
-
SHA1
b858cb282617fb0956d960215c8e84d1ccf909c6
-
SHA256
36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068
-
SHA512
f90ddd77e400dfe6a3fcf479b00b1ee29e7015c5bb8cd70f5f15b4886cc339275ff553fc8a053f8ddc7324f45168cffaf81f8c3ac93996f6536eef38e5e40768
Malware Config
Signatures
-
Boot or Logon Autostart Execution: Active Setup 2 TTPs 1 IoCs
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Drops file in Windows directory 1 IoCs
-
Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs
Using powershell.exe command.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Kills process with taskkill 2 IoCs
-
Modifies Control Panel 19 IoCs
-
Modifies Internet Explorer settings 1 TTPs 31 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 3 IoCs
-
Suspicious use of AdjustPrivilegeToken 46 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 64 IoCs
-
Suspicious use of SetWindowsHookEx 15 IoCs
-
Suspicious use of WriteProcessMemory 28 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\file.ps11⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\explorer.exe"C:\Windows\explorer.exe"1⤵
-
C:\Windows\System32\control.exe"C:\Windows\System32\control.exe" SYSTEM1⤵
-
C:\Windows\SysWOW64\DllHost.exeC:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}1⤵
-
C:\Windows\System32\control.exe"C:\Windows\System32\control.exe" SYSTEM1⤵
-
C:\Windows\SysWOW64\DllHost.exeC:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}1⤵
-
C:\Windows\SysWOW64\DllHost.exeC:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}1⤵
-
C:\Windows\System32\control.exe"C:\Windows\System32\control.exe" SYSTEM1⤵
-
C:\Windows\SysWOW64\DllHost.exeC:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}1⤵
-
C:\Windows\SysWOW64\DllHost.exeC:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}1⤵
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,Control_RunDLL C:\Windows\System32\main.cpl ,11⤵
- Modifies Control Panel
-
C:\Windows\helppane.exeC:\Windows\helppane.exe -Embedding1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\control.exe"C:\Windows\system32\control.exe" /name Microsoft.FolderOptions2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\rundll32.exe"C:\Windows\System32\rundll32.exe" shell32.dll,Options_RunDLL 03⤵
-
C:\Windows\SysWOW64\DllHost.exeC:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}1⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://c;/1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2724 CREDAT:275457 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\taskkill.exe"C:\Windows\system32\taskkill.exe" /f /im explorer.exe & start explorer.exe1⤵
- Kills process with taskkill
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\taskkill.exetaskkill /f /im explorer.exe2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\explorer.exeexplorer.exe2⤵
- Boot or Logon Autostart Execution: Active Setup
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\S-1-5-21-3434294380-2554721341-1919518612-1000\desktop.ini3⤵
-
C:\Windows\explorer.exeexplorer2⤵
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\S-1-5-21-3434294380-2554721341-1919518612-1000\desktop.ini2⤵
-
C:\Windows\system32\taskmgr.exetaskmgr2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\$Recycle.Bin\S-1-5-21-3434294380-2554721341-1919518612-1000\$IOTA03DFilesize
544B
MD5b431ecdc11a656be17f1a88a8ac5e5c8
SHA14df02f49eec33ff9e7e309ccd8e77168419603cb
SHA256b6778433d817cfc2763b77344c6d3fafb0f12f14af59cdf1f8347e7c37b3f7f5
SHA512874d4d3d8b09719ad9c63998bf270b7e0b28c47849b42628211029bcb6030fe96b90a02653a1011b9520731ee6f18a29f5c556ed234232123c005fa2d659bc2a
-
C:\Users\Admin\Desktop\DenyStop.TSFilesize
714KB
MD5cf211faf66605437f2f0ddfe0ae9937c
SHA1143ee4223ffc5b88df1bbcaae1749de217e8c977
SHA2569e8e6b89a89177f8639163a73e0a07b8050058db2fe68ef9e03cc90ff046438d
SHA512655039b039547ccd9de779da14c0c4c1c8445fbea2f6025c8e40a0d63ed730e1fa92d610c36477550d4ea8dc474d8a6cedc7098f9e27ebd8539b5049dedf0f0a
-
C:\Users\Admin\Desktop\EnableConvertTo.m3uFilesize
539KB
MD50fe241eb7b3db95d206e8a781ebd3bca
SHA1c20550342bffef45c9746aa485a9bfbb12e44f25
SHA25616142674a985712eeeb5900855090e2969f2f6d5939a28feac6ccc603d4a145f
SHA5120f9b063991793d65e5e0d98c7ae7d948b15ef6925860fe776dbd9d7aa88481a8c1f04a7aa99fadd88efa51ed3b967ca8ea847cc599e81425923a281eaa698a6b
-
C:\Users\Admin\Desktop\FormatTrace.ttfFilesize
609KB
MD51ac982b3989aca9fc2b00c2417f6dd49
SHA123ad5a8f0c117e277d138312e702116f0d8e8235
SHA256c9933ec6199b6833f0153f271b46e20c5dc75106625cab82ca38111ab5c52346
SHA51241d062111174ad82020dd7b59e5150537b1ccebefe5cf3f2129c4cdcd616cf16347f0262ef6d0b1f837ebfb028034122d330e3a04a133b00dca44a01f1412743
-
C:\Users\Admin\Desktop\GetMove.bmpFilesize
922KB
MD51bc473a1d2095fe158cc3c7754c695f8
SHA1b49ae4db6a9e835b34c4bdbdaaf555c4793c3c2a
SHA256c7d1be14c2e7fd446133051ac1f55d314698cccbdcf8021618de3f4a88ae7223
SHA512a232daf5c4a6cb11b7627af08a7de6d24c0fba67e1400d73f07129ac4a8e10443cb970eb1a497c75b945a013ac042741e5fe1b6ded0937302d3db00c4a0f6851
-
C:\Users\Admin\Desktop\GetSet.easmxFilesize
748KB
MD537f4bdef1b4237a99b6e452663c351b2
SHA1e6b99a9d192d534c8be1f6f086ea4c7ef4c19245
SHA256ad7e6e2a53c92b7be8008c745d5f26a8189590a234d6da6e64cad1c7067e8528
SHA5124406e00f417d8517a5d4357232c97bb564e8da9300915350905b604ce2c40e54ecb7e0c6da903d19743942cd0ebfe6d3cb53b6d6cf1d7e868af42ecd786672bf
-
C:\Users\Admin\Desktop\ImportCompare.xlsFilesize
853KB
MD50641a247347bacb596686fbd1aa1f840
SHA1faf9d99cf7738ec3729009491fcad8478e6c818d
SHA256e37086657ea5b885ef2e9eba1d9fdae7de7831217ccebe354d5f8b4fb18c041e
SHA512dc86228b1b2d619946c57f6a8c560faa8e465371dbc70ccf1546efd80cf2a903248519195c7f45184a7eefd7904f72b5305d76e805472e768fc4037a1383f4d6
-
C:\Users\Admin\Desktop\InstallHide.htmFilesize
818KB
MD58f1048b77e5e400fe208efcb9db4bbef
SHA1a37cdd78c44f0372b20dd080c0f3baa9b78ee38c
SHA256cbad9ff3207f16b2e75595357c49e02e7e92e0bcc3cc94aa935ba0a659c85ff8
SHA51256ff2531a21df5c15790c299d43fff59ac684dbf70189fd85a75346f7d4f50215d8f58038b11e915b7347033d0d59c1afe2491d683b63a31e68c867f8f3684c6
-
C:\Users\Admin\Desktop\InstallUndo.wmxFilesize
470KB
MD508b57afab3869daa9e02e491c07a1986
SHA1c884632a4a8ce1590f060293e6c402c64f1ce48b
SHA256f9c37d4af130acbdbd98975682dd9abbea07fcc07d2812756a6e3e14d9368e1a
SHA5127192f0c2e5338cc168a0e241fabb10756ecda8474c4d9431d87974a6351b97b134a36c6937ff024ad8e8f3abea46928439b5ad344c485a7d1c8ebea599cf242c
-
C:\Users\Admin\Desktop\InvokeClear.tempFilesize
505KB
MD5d7bae9814e3b5b12210d389d49126d70
SHA17ab7048d454c1f4a181332a0570d0da4be1d2676
SHA2564d1500649c01f3b917c38a7441fec6b433afdd54defa94870578c1808c498859
SHA5126dccff0f9d87697f8002fa0f78c465559b231aa49731e0ced42fb4990caf8a50ffbec623e3557a8034a20392bfe9755eb8df334d941e60777e421f8394db7cd4
-
C:\Users\Admin\Desktop\MountInitialize.contactFilesize
1.4MB
MD56e8b832fad3ef15d76cab1ba7d549b9e
SHA12ed5cc8f69b9cd15ad53fd0194b7357af4f6d498
SHA256322dba7dd1c8f44cc5b271fd0b17410f6d876be45cf344562ee7c830da8d338f
SHA5128e0226f460940115f9a28ee3e27d66386f859e37da62e770941570ff6750bc739bdce98f77d0a058de4d37f634dee3f628df6e3d73bae419dbfcee0eac9de1d4
-
C:\Users\Admin\Desktop\ProtectSuspend.mhtmlFilesize
574KB
MD5806af1d8bc4d22f73749df276dae13d9
SHA14c11b773a7a9204f279716db068d37d61e205f59
SHA25626d86a951381a7db430a241bf432295bb2a8ecda2efdf5e2e4d2d372f415afe8
SHA512f1ccfc6e837fe26337cb2d369bc48a9bc7412abfd4beaa0eb25614f38e4b9ac9f4f5ec86e06e53e59507c7325526ca4e089e127d3c1e03dc53a42b68631209b7
-
C:\Users\Admin\Desktop\Recycle Bin - Shortcut.lnkFilesize
359B
MD5e91e2e19d333d2869ecd4e84dadce0b1
SHA14cc8f4571869f83e2c0ebfac3dd17f0c51654bd6
SHA2561bae20e282456a5df55249f23d3c89430ed079c5e0f25d16976128f303db9e61
SHA512b540108474cd92140d824e7aedc50b24fc30bcd9d5a87ac9c5f6af11b1079d518006c1942a156da093f3e27481cb5182d60118c4e984f099a38cff68fbb59867
-
C:\Users\Admin\Desktop\RegisterRestart.vbsFilesize
783KB
MD5482d465181c1b1245cc29a9cfccb4493
SHA17edd35dde62c49261a8891c3b114272a82e5e422
SHA2560ae5e835e2037edeb46ea85feb11f7bfe2e6c88f82c8ef5268057c0512e89ab3
SHA5125a95bf84cd50c899d7893e0494b22365c19ad55d6206b706d3c478473210982aefd6b3f216b3533b8b0c146da75e8277de688ea468da8b3930daf392a0b2499f
-
C:\Users\Admin\Desktop\RestartSync.vdwFilesize
365KB
MD559a864f52272f213e4b41bdd550b18dd
SHA11287b4819f693ce0988d9349810fb06a5fe048b1
SHA256dbd0d261c3a28b3735c17fea4ba064bd6cdbc4ac47c3bbb5af6f8d1dc514ede8
SHA51248b0b6e6ba1bd5d221d3e445debc38b994caf5f16f0ba2e707a7027c77944e421032f59c058acbb21773ad63acf0e566c5245942b38860ee9e7fd19af2999bdf
-
C:\Users\Admin\Desktop\S-1-5-21-3434294380-2554721341-1919518612-1000 - Copy (10)MD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
C:\Users\Admin\Desktop\S-1-5-21-3434294380-2554721341-1919518612-1000\desktop (2).iniFilesize
129B
MD5a526b9e7c716b3489d8cc062fbce4005
SHA12df502a944ff721241be20a9e449d2acd07e0312
SHA256e1b9ce9b57957b1a0607a72a057d6b7a9b34ea60f3f8aa8f38a3af979bd23066
SHA512d83d4c656c96c3d1809ad06ce78fa09a77781461c99109e4b81d1a186fc533a7e72d65a4cb7edf689eeccda8f687a13d3276f1111a1e72f7c3cd92a49bce0f88
-
C:\Users\Admin\Desktop\SendBackup.xlsxFilesize
12KB
MD5db183532e6189ea42ad0caa368fc40bf
SHA111cc091ea900d95b2835a6de85483cf0f75cf11a
SHA256986c30619350112526fb7320ad671eb6ae9e874de38d98fd29f6a196bbd1fce0
SHA51289f96fbd80bedbd87db2bdc11232aafe06463dc6da2026802b6d1af502e3ce94d0ddde45645f729d63e84c9e96fb46ecc5f301f9a62e619a12706ee10173285c
-
C:\Users\Admin\Desktop\SetPush.vssxFilesize
644KB
MD56458386b0152a6f67ffb72599d67a7f9
SHA1ab269e8055dbb17900d2d8e8b7590f1bc955a17b
SHA256969edb8892d5d521540aa24fd86933eb5c1b6ee7b3f509cb859f8df3c45c9d7d
SHA5120733540b990bcfb11b2cb82eb94f8b3fb94df466096d04fb8e0e0842fab0f1bb55461a9a9e451d9118bf3b8721b0448158b9eb08925e940e3f4c45b34f231415
-
C:\Users\Admin\Desktop\SplitDeny.wmaFilesize
957KB
MD55dec1a393b472d6aeb04093fbc4da14a
SHA143ebdd76b57d4f49f89ad14964db8d9e663d2e2c
SHA2560daffbd8f41bbf87a70c77ebaede58ad58858f8f6b09f22c41efa7a9676d3638
SHA512a4d082473dff5fcb5e4225bff9c49aae3f8d815299be8aa7b3539f8ce1775a74393d34c64b6d5062d460270561c4678b2417e8fe659332ce72ffc1d28e4016f1
-
C:\Users\Admin\Desktop\StepStart.docxFilesize
20KB
MD52c28de05de5bc9a71b3579e01caf3aee
SHA1b327dc2e5f145e4878b70f483e372c3aba02f29b
SHA2569160e95e93f297454562b0015c1bd08800a28e8c087a12e14354eda4c6408b24
SHA512a4fd2735e32252e7ff4395e459ffec7cf2d3cf5b3f11d031b9704065301528e8ab5d9e4e21b31640f5f0d338f234c5b8a61cb97f88360bc945e8378529fe49b3
-
C:\Users\Admin\Desktop\SyncLimit.ppsxFilesize
992KB
MD5562a51ee5fed0e7a10d50e660846501b
SHA1e3079622ff662a61ca103ae51b8db94cca52050e
SHA2564c4594f077f839e9c5602cbe46d5cfc0bf39ce37bbab7c28bbbf781d73eeee13
SHA5126f8a5bd5e4e6f96b98b8fff9704f4822dde9d0b536818c7e910758d80a9938f32336ed9e2b760e58e0745e14d31e894c04d1c74008268736c794800036d0b14b
-
C:\Users\Admin\Desktop\UnblockRename.vsdFilesize
400KB
MD50f0859042bdb5f4dcf2bbf14d0bac0ea
SHA19e74d13101bb631c902b567a0d2af2021fc3f5bf
SHA2564aa743766d839484ee2e03b1cc36ab4686c2603165f59dfb66924c1618052cf1
SHA512ada5e3c13715b2a51f13ea822ac865d22b5e67c9598ab9f6d9a01229ab0277cd88ee03cf262739940bc0271876832cfcbe7242b741ae4bf1b53b79f456a56014
-
C:\Users\Admin\Desktop\UndoOut.tifFilesize
1.0MB
MD555686e0ad339eda5a1cdf82f67a6a62c
SHA16a7690505350a1814e0304ebd8e60b153fc41ff2
SHA256a8e0de179fd9da96fbc5801db38d03c6966eb923447b3c14fbec49f9dc975c95
SHA5125560f1981eaac23ec4c003c242de3e5c4ea47e397e507b4af2b4162091d63b91387a6f3cd69f949f84872291c68396c571ee84cf97be236fff9549da1a6ede23
-
C:\Users\Admin\Desktop\UndoRemove.docxFilesize
14KB
MD50993a1f2a6c10191622f70c1b6298eb8
SHA19d2fb7e618969107a129cccf1e16ec80e282fb0e
SHA25667270d2cad4eb833ec95570f24f59241b4a27f484be45f9734a355ef646805ba
SHA51231c58c30a60443bfa3654660c20f776973b594fa437e78656f849826309f96383e7c6a51b2b410e24dfbd3d07a4c08fab47f5921cc212d279e07a0bf5fbe7247
-
C:\Users\Admin\Desktop\UnpublishReceive.sysFilesize
435KB
MD53ec4e4b09400e2fdc0f987f838368514
SHA161895d65e33cc3530193dc0a257c922e5fb68eef
SHA2560a60022ecdfc12aafd77b13b809748e96582fd78c4c76c6057246decdb64caa0
SHA5123ba3be6c12487f349da61e1ec3cd9f8950910c435b8772a9f1c8cf4440c7203eb2a7f30ddc2ce58d3152e85af63dc858b7369cad0f3cf24161c81248af32b214
-
C:\Users\Admin\Desktop\UnpublishUninstall.ps1Filesize
679KB
MD56a9486bfede57a64b1a002d4faf31ea0
SHA17d111c305e46f236492637b4140b89b8b500f81f
SHA25683b278ff7bfdf8ae42cdcfef067db792047c3daa126b1f1b51b6729c6660cb35
SHA5121bf5705b7e7a62b637c90c61a318815b28ca3db85df9e72eb35d5d214723f5b794e109fa09a54e2398bc653277066eb1689805e3848fd2d5034202154dd84672
-
C:\Users\Admin\Desktop\WriteHide.xpsFilesize
888KB
MD55c5eb0d02c315b943f45b43daa42a891
SHA1cafc9a7d4268ce35e6d228b767474064e5b2d5b2
SHA2562914d6180d707159a0f0f0d1fd8eb76c15e346680584e9e438f9b5dff0c8e2ff
SHA5123b471ac043cb1abfadb943a370192ed728f1f31bb688b4466506e3152b9998a9918a839b288f81d68ea15d8a3fdf7b6ded36c153048118872188776fee8952e7
-
C:\Users\Admin\Desktop\desktop.iniFilesize
282B
MD59e36cc3537ee9ee1e3b10fa4e761045b
SHA17726f55012e1e26cc762c9982e7c6c54ca7bb303
SHA2564b9d687ac625690fd026ed4b236dad1cac90ef69e7ad256cc42766a065b50026
SHA5125f92493c533d3add10b4ce2a364624817ebd10e32daa45ee16593e913073602db5e339430a3f7d2c44abf250e96ca4e679f1f09f8ca807d58a47cf3d5c9c3790
-
C:\Users\Public\Desktop\Adobe Reader 9.lnkFilesize
1KB
MD5f7833a6b4d0d3c6252c5bae72ce4ffbe
SHA13eb6826cc838d14053c9136e3cd5d2c82c8582b9
SHA2562c5f9ff9573aa5522f947629e208b0501a3a526fde950a5a715914b1a68c4d2a
SHA512bbb7fe2d40bdaf68d0dbd7178949eda11569843c435449d6ed2180d37607f2d97fd3e547aabde8fdc2186ae906d747de56bc29d24f076d346ea772e716bf8081
-
C:\Users\Public\Desktop\Firefox.lnkFilesize
931B
MD5c7a442b0cc33249f397470b1846890a5
SHA1fe68d996c69127b3a8c521fbba06b740ea707db8
SHA256e4662963a01dc464d7157011460a227fd4136a8c5593762584657aee3d4134a3
SHA512b549f82a1142a78e6666cbc55aaccccedfa8b99fdd510e249708b330539fe75ab7f7f010a748478e2a234a4d1ef2316e5706bfd7c3e05f42a6838aad6936f916
-
C:\Users\Public\Desktop\Google Chrome.lnkFilesize
2KB
MD5b1fb1da90e3920c93556f2f85dfca9b7
SHA13008eae1f155928ef7477c44154624c314a15e97
SHA2567cbaa0e3aba25ff5230928503699abaac70268810d6b8f7259242604a143315b
SHA5123235df04640552d64e74fd43030e03e88fba7a7145935503c9a30cffda5ee02207303fad5dbbb2060f5371acbccb9b0fdc5e96972c25cb63d249cfdd1a11deca
-
C:\Users\Public\Desktop\VLC media player.lnkFilesize
878B
MD551389fc9204a2c44a09cc6573a58d44e
SHA138b86b7e193aa034d11d5fd657230b6e51a05101
SHA25649a096a737f387c490c495b0e26eb0e32777e26073256e21cc50854e78cea6ed
SHA5120697313dc31a053a0ddc7c90b5e9ef45652bda929770406d7ade3187ecafeef33e906d3a9f2468b8e9ad722692f7bfef087851c5970068df7eeebe3a75fa00e4
-
C:\Users\Public\Desktop\desktop.iniFilesize
174B
MD5dc723b859dec1526568ad581aec334d5
SHA174e7432df4a66f246b5214d60b190b67e2f6ce52
SHA2567148fbbf1aac8b5a54d248df19b60c00d3c0dcb2fd5bb2a1efd4e0f0eac6dd0f
SHA5129bb97339f18dc8744bfb7cb8fd9392c580765e707ddc228ef5045150375510b43f1f4c310274e20fc1c0c51f50f40d4430f40561d5cff46ff42214e465490074
-
memory/2156-174-0x0000000140000000-0x00000001405E8000-memory.dmpFilesize
5.9MB
-
memory/2156-166-0x0000000140000000-0x00000001405E8000-memory.dmpFilesize
5.9MB
-
memory/2156-175-0x0000000140000000-0x00000001405E8000-memory.dmpFilesize
5.9MB
-
memory/2156-167-0x0000000140000000-0x00000001405E8000-memory.dmpFilesize
5.9MB
-
memory/2564-113-0x0000000004100000-0x0000000004110000-memory.dmpFilesize
64KB
-
memory/2736-8-0x000007FEF5DD0000-0x000007FEF676D000-memory.dmpFilesize
9.6MB
-
memory/2736-9-0x000007FEF5DD0000-0x000007FEF676D000-memory.dmpFilesize
9.6MB
-
memory/2736-7-0x000007FEF5DD0000-0x000007FEF676D000-memory.dmpFilesize
9.6MB
-
memory/2736-10-0x000007FEF5DD0000-0x000007FEF676D000-memory.dmpFilesize
9.6MB
-
memory/2736-5-0x000000001B580000-0x000000001B862000-memory.dmpFilesize
2.9MB
-
memory/2736-12-0x000007FEF5DD0000-0x000007FEF676D000-memory.dmpFilesize
9.6MB
-
memory/2736-4-0x000007FEF608E000-0x000007FEF608F000-memory.dmpFilesize
4KB
-
memory/2736-11-0x000007FEF5DD0000-0x000007FEF676D000-memory.dmpFilesize
9.6MB
-
memory/2736-6-0x00000000027E0000-0x00000000027E8000-memory.dmpFilesize
32KB
