a2efbefcadd471825c0d13338673488aed3121a724bd002a6f1ef373a3beb9d4

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
28/08/2023, 03:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a2efbefcadd471825c0d13338673488aed3121a724bd002a6f1ef373a3beb9d4.exe
Size

88KB
MD5

2c52d4d39cf1bf569c6e2447a9df419c
SHA1

605c0da2de1a0fd37b18195ba3365b9a8d5f598b
SHA256

a2efbefcadd471825c0d13338673488aed3121a724bd002a6f1ef373a3beb9d4
SHA512

d2eec153c7176701732d33bdc4e130eea41b732290ea3f156eeba150c7bdd3906db0644011c36fb4e7822a088a6612376e4ac90c43a49c4f931f4a6e21228b44
SSDEEP

768:/1ODKAaDMG8H92RwZNQSwcfymNBg+g61GoLcgm6EIvcCIlBJd1mgqgadKsQtpSFT:tfgLdQAQfcfymNlCUchDsQt8oxHeWW

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2708	Logo1_.exe
3080	a2efbefcadd471825c0d13338673488aed3121a724bd002a6f1ef373a3beb9d4.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.8.0_66\jre\bin\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\fr-FR\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\HoloTileAssets\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\sl-si\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\es-es\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\eu\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\sv\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\fr-fr\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\cs-cz\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\contrast-black\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win8-scrollbar\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\js\nls\en-gb\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\sk-sk\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Diagnostics\Simple\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win8-scrollbar\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\js\nls\root\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\en-il\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\tr-tr\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\he-il\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\en-gb\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagementSource\en-US\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\en-ae\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\Stationery\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\as_IN\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\zh-cn\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\nls\de-de\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_CA\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Defender\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\it-IT\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\lib\locale\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\da\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\es\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Multimedia\MPP\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\jre\bin\dtplugin\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\de-de\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\sk-sk\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\nb-no\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\js\nls\nb-no\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\vi\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\AppxMetadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example1.Diagnostics\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\ko-kr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\ro-ro\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\lib\deployed\jdk15\windows-amd64\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\pa\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Photo Viewer\de-DE\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\ar-SA\View3d\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\he-IL\View3d\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files-select\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\eu-es\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\pt-br\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\vDll.dll	Logo1_.exe
File created	C:\Windows\rundl132.exe	a2efbefcadd471825c0d13338673488aed3121a724bd002a6f1ef373a3beb9d4.exe
File created	C:\Windows\Logo1_.exe	a2efbefcadd471825c0d13338673488aed3121a724bd002a6f1ef373a3beb9d4.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
2708	Logo1_.exe
2708	Logo1_.exe
2708	Logo1_.exe
2708	Logo1_.exe
2708	Logo1_.exe
2708	Logo1_.exe
2708	Logo1_.exe
2708	Logo1_.exe
2708	Logo1_.exe
2708	Logo1_.exe
2708	Logo1_.exe
2708	Logo1_.exe
2708	Logo1_.exe
2708	Logo1_.exe
2708	Logo1_.exe
2708	Logo1_.exe
2708	Logo1_.exe
2708	Logo1_.exe
2708	Logo1_.exe
2708	Logo1_.exe

Suspicious use of WriteProcessMemory 17 IoCs

description	pid	Process	procid_target
PID 1356 wrote to memory of 1820	1356	a2efbefcadd471825c0d13338673488aed3121a724bd002a6f1ef373a3beb9d4.exe	81
PID 1356 wrote to memory of 1820	1356	a2efbefcadd471825c0d13338673488aed3121a724bd002a6f1ef373a3beb9d4.exe	81
PID 1356 wrote to memory of 1820	1356	a2efbefcadd471825c0d13338673488aed3121a724bd002a6f1ef373a3beb9d4.exe	81
PID 1356 wrote to memory of 2708	1356	a2efbefcadd471825c0d13338673488aed3121a724bd002a6f1ef373a3beb9d4.exe	83
PID 1356 wrote to memory of 2708	1356	a2efbefcadd471825c0d13338673488aed3121a724bd002a6f1ef373a3beb9d4.exe	83
PID 1356 wrote to memory of 2708	1356	a2efbefcadd471825c0d13338673488aed3121a724bd002a6f1ef373a3beb9d4.exe	83
PID 2708 wrote to memory of 3876	2708	Logo1_.exe	84
PID 2708 wrote to memory of 3876	2708	Logo1_.exe	84
PID 2708 wrote to memory of 3876	2708	Logo1_.exe	84
PID 3876 wrote to memory of 3496	3876	net.exe	86
PID 3876 wrote to memory of 3496	3876	net.exe	86
PID 3876 wrote to memory of 3496	3876	net.exe	86
PID 1820 wrote to memory of 3080	1820	cmd.exe	87
PID 1820 wrote to memory of 3080	1820	cmd.exe	87
PID 1820 wrote to memory of 3080	1820	cmd.exe	87
PID 2708 wrote to memory of 2000	2708	Logo1_.exe	48
PID 2708 wrote to memory of 2000	2708	Logo1_.exe	48

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:2000
- C:\Users\Admin\AppData\Local\Temp\a2efbefcadd471825c0d13338673488aed3121a724bd002a6f1ef373a3beb9d4.exe
  "C:\Users\Admin\AppData\Local\Temp\a2efbefcadd471825c0d13338673488aed3121a724bd002a6f1ef373a3beb9d4.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:1356
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a6AA1.bat
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1820
  - - C:\Users\Admin\AppData\Local\Temp\a2efbefcadd471825c0d13338673488aed3121a724bd002a6f1ef373a3beb9d4.exe
      "C:\Users\Admin\AppData\Local\Temp\a2efbefcadd471825c0d13338673488aed3121a724bd002a6f1ef373a3beb9d4.exe"
      4⤵
      Executes dropped EXE
      PID:3080
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2708
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:3876
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        
        PID:3496

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

Filesize
251KB

MD5
1cd82144e9bdf90aae91927cfe472e91

SHA1
42b5487d6f4643b16fcf1ded3c232a24fb7f10ec

SHA256
e4f742f5d37492ab60a8f7abfbb6049093c8de3b6512fb3050ef09afa33da6cf

SHA512
5a3f468575e88d2295f0d52dccb0fbbd853f96d90926186b7a374c14e6bdbfe5d8054e679bd20dbbe9319c3d9719819d0ea09cdce45a84f54d0e1b7c88136a3b

Download Submit
C:\Program Files\ExitAssert.exe

Filesize
268KB

MD5
9378c654878e01f4699f4d85401c0233

SHA1
07950db0507c1f93e10b5a16f1e26ffae1dea73b

SHA256
c61c793a2f50757a5a5c910e195e59b0ecbb6bcef02e4b6f04674854d1e5c4ee

SHA512
3ced01a8a82aefc9f71cf03b7b8eb1a83cb1d3d412e14b7b7b8250b24463a4aa163a3c90306732b907df8d551e79b5492eb4894f73ecbea5db765072f80164c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a6AA1.bat

Filesize
722B

MD5
3706200868257ac647dbbc4170589227

SHA1
76a1ae7ab206c6c5872847cae92b9ce5d50aabdd

SHA256
a0376cbc823b6252c2ddfa659ad0657a6420be07926221c09288ec6f45cb2b7b

SHA512
10f66a4ef17ec78a8ed45254081c6f5557071fa7a8e993d65e85a83247856fc2b69dcd70d7e0e295216db960874a5386ba92c5ae6104ef7d86496110197c87e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\a2efbefcadd471825c0d13338673488aed3121a724bd002a6f1ef373a3beb9d4.exe

Filesize
62KB

MD5
563e5d234d4f6287131bdf5ea1c371d1

SHA1
bb5006b7fbbc4c5266d63233e74ba829fcba846a

SHA256
c7c7d345ff20a9ca813c6fe3c6c09451a906fd0b32c5044732e82d841e87cf4f

SHA512
0cbd1e3ed330dbbc14727164a9f900fc0b16cd86cff30b6d756e21c3f65e361ef8882ac7bd7b6399960feae409ad0178e0e0eae0f5281a047c7cc8478d9b5382

Download Submit
C:\Users\Admin\AppData\Local\Temp\a2efbefcadd471825c0d13338673488aed3121a724bd002a6f1ef373a3beb9d4.exe.exe

Filesize
62KB

MD5
563e5d234d4f6287131bdf5ea1c371d1

SHA1
bb5006b7fbbc4c5266d63233e74ba829fcba846a

SHA256
c7c7d345ff20a9ca813c6fe3c6c09451a906fd0b32c5044732e82d841e87cf4f

SHA512
0cbd1e3ed330dbbc14727164a9f900fc0b16cd86cff30b6d756e21c3f65e361ef8882ac7bd7b6399960feae409ad0178e0e0eae0f5281a047c7cc8478d9b5382

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
88af5b73238a71023386adc35d3af4ed

SHA1
d5f2bb1c8a4174588eb3768d187252b582e6579d

SHA256
dbff77fb2b63ebd55608ccdfe4182f721ce1553b94b35e3fd1e6a1553997d1cf

SHA512
fd1291d45e74dab90d80357a518f4cb20a645f55063f8258f87e060fa3c885e8970c66573f4669f01d06692b8f40673534b514081120eb021800813ce86545d2

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
88af5b73238a71023386adc35d3af4ed

SHA1
d5f2bb1c8a4174588eb3768d187252b582e6579d

SHA256
dbff77fb2b63ebd55608ccdfe4182f721ce1553b94b35e3fd1e6a1553997d1cf

SHA512
fd1291d45e74dab90d80357a518f4cb20a645f55063f8258f87e060fa3c885e8970c66573f4669f01d06692b8f40673534b514081120eb021800813ce86545d2

Download Submit
C:\Windows\rundl132.exe

Filesize
26KB

MD5
88af5b73238a71023386adc35d3af4ed

SHA1
d5f2bb1c8a4174588eb3768d187252b582e6579d

SHA256
dbff77fb2b63ebd55608ccdfe4182f721ce1553b94b35e3fd1e6a1553997d1cf

SHA512
fd1291d45e74dab90d80357a518f4cb20a645f55063f8258f87e060fa3c885e8970c66573f4669f01d06692b8f40673534b514081120eb021800813ce86545d2

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-618519468-4027732583-1827558364-1000\_desktop.ini

Filesize
9B

MD5
ec7139d5bb99bcebaf0b91c58a9ec5aa

SHA1
70404362dd74e309722fd282c3492ec95674123c

SHA256
eb17ae1b1de9e95e0d159893048f2de5c1c158467e768cc0ddbaa517c45e0582

SHA512
b0114d8f74b17836819b750cff2b590b652e04bb2dc0e9dc8bffac7ed66bd9ded03cd35abc7fc0fcd0127a994c283dcd162e97e6dd76f5a903ff59e4951dfc48

Download Submit
memory/1356-0-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1356-10-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2708-37-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2708-32-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2708-26-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2708-41-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2708-19-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2708-375-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2708-1279-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2708-4385-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2708-8-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2708-4811-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download