Analysis
- max time kernel: 149s
- max time network: 152s
- platform: windows10-2004_x64
- resource: win10v2004-20230703-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 28/08/2023, 05:27

Static task: static1

Behavioral task: behavioral1
- Sample: 64fdee75d70c4ed9a77eb83a73ce58c108fcd296bc744a4a6a64be2416fe3786.exe
- Resource: win7-20230712-en

Behavioral task: behavioral2
- Sample: 64fdee75d70c4ed9a77eb83a73ce58c108fcd296bc744a4a6a64be2416fe3786.exe
- Resource: win10v2004-20230703-en
General
- Target: 64fdee75d70c4ed9a77eb83a73ce58c108fcd296bc744a4a6a64be2416fe3786.exe
- Size: 707KB
- MD5: b824283f13c3297d0540999934f2c0f4
- SHA1: e066816c5669489508ba8e165a17b697ba369ece
- SHA256: 64fdee75d70c4ed9a77eb83a73ce58c108fcd296bc744a4a6a64be2416fe3786
- SHA512: 0ef6a95e8ed099405f7bf52f36b19889f696a8d894076b092575cdcb98b56253aa0cf3bde6e77dca1b2281a1d54b67105a15ec956a645a7edc8f3f3e7750f50a
- SSDEEP: 12288:FQ7+1SSnUKJwwgOBReMmc/VDznbvEownBuANaso1p7dZnuKYk0XLR:+7qSSnXRRwn4ANass5ZnurLR
Malware Config
Signatures
- Executes dropped EXE (2 IoCs)
  pid | Process
  3732 | Logo1_.exe
  2968 | 64fdee75d70c4ed9a77eb83a73ce58c108fcd296bc744a4a6a64be2416fe3786.exe
- Enumerates connected drives (3 TTPs, 21 IoCs)
  Attempts to read the root path of hard drives other than the default C: drive.
  description: File opened (read-only) | Process: Logo1_.exe | ioc (21 drive roots, in the order reported): \??\T:, \??\N:, \??\L:, \??\K:, \??\G:, \??\Z:, \??\U:, \??\I:, \??\E:, \??\Y:, \??\R:, \??\P:, \??\J:, \??\V:, \??\W:, \??\S:, \??\Q:, \??\O:, \??\M:, \??\H:, \??\X:
- Drops file in Program Files directory (64 IoCs)
- Drops file in Windows directory (4 IoCs)
  description | ioc | Process
  File opened for modification | C:\Windows\rundl132.exe | Logo1_.exe
  File created | C:\Windows\vDll.dll | Logo1_.exe
  File created | C:\Windows\rundl132.exe | 64fdee75d70c4ed9a77eb83a73ce58c108fcd296bc744a4a6a64be2416fe3786.exe
  File created | C:\Windows\Logo1_.exe | 64fdee75d70c4ed9a77eb83a73ce58c108fcd296bc744a4a6a64be2416fe3786.exe
- Runs net.exe
- Suspicious behavior: EnumeratesProcesses (20 IoCs)
  pid | Process
  3732 | Logo1_.exe (the same row is reported 20 times)
- Suspicious use of WriteProcessMemory (14 IoCs)
  description | pid | Process | procid_target
  PID 1356 wrote to memory of 3032 | 1356 | 64fdee75d70c4ed9a77eb83a73ce58c108fcd296bc744a4a6a64be2416fe3786.exe | 81 (reported 3 times)
  PID 1356 wrote to memory of 3732 | 1356 | 64fdee75d70c4ed9a77eb83a73ce58c108fcd296bc744a4a6a64be2416fe3786.exe | 83 (reported 3 times)
  PID 3732 wrote to memory of 3876 | 3732 | Logo1_.exe | 84 (reported 3 times)
  PID 3876 wrote to memory of 3496 | 3876 | net.exe | 86 (reported 3 times)
  PID 3732 wrote to memory of 2000 | 3732 | Logo1_.exe | 42 (reported 2 times)
Processes
- C:\Windows\Explorer.EXE (PID 2000)
  command line: C:\Windows\Explorer.EXE
  - C:\Users\Admin\AppData\Local\Temp\64fdee75d70c4ed9a77eb83a73ce58c108fcd296bc744a4a6a64be2416fe3786.exe (PID 1356)
    command line: "C:\Users\Admin\AppData\Local\Temp\64fdee75d70c4ed9a77eb83a73ce58c108fcd296bc744a4a6a64be2416fe3786.exe"
    signatures: Drops file in Windows directory; Suspicious use of WriteProcessMemory
    - C:\Windows\SysWOW64\cmd.exe (PID 3032)
      command line: C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a690A.bat
      - C:\Users\Admin\AppData\Local\Temp\64fdee75d70c4ed9a77eb83a73ce58c108fcd296bc744a4a6a64be2416fe3786.exe (PID 2968)
        command line: "C:\Users\Admin\AppData\Local\Temp\64fdee75d70c4ed9a77eb83a73ce58c108fcd296bc744a4a6a64be2416fe3786.exe"
        signatures: Executes dropped EXE
    - C:\Windows\Logo1_.exe (PID 3732)
      command line: C:\Windows\Logo1_.exe
      signatures: Executes dropped EXE; Enumerates connected drives; Drops file in Program Files directory; Drops file in Windows directory; Suspicious behavior: EnumeratesProcesses; Suspicious use of WriteProcessMemory
      - C:\Windows\SysWOW64\net.exe (PID 3876)
        command line: net stop "Kingsoft AntiVirus Service"
        signatures: Suspicious use of WriteProcessMemory
        - C:\Windows\SysWOW64\net1.exe (PID 3496)
          command line: C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
Downloads