d5a9bf63c3318fa32861008a7a4ddbc6055edc89fd844c7377bf0cf940c6f49c

Analysis

max time kernel
152s
max time network
166s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
28/08/2023, 16:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d5a9bf63c3318fa32861008a7a4ddbc6055edc89fd844c7377bf0cf940c6f49c.exe
Size

374KB
MD5

70eac1a741ba1a6b1d09e40e6bb43e8e
SHA1

ef2a237641adf31b81265b87277d23a0d977a9da
SHA256

d5a9bf63c3318fa32861008a7a4ddbc6055edc89fd844c7377bf0cf940c6f49c
SHA512

923e22cea03d0bbc9676e0c8c0a3f2a3ca84c928a0a48f5f838a1413f6897a5887e85d93521dbb49d660acfb8917f7d644f8bbf3752ccbdbeec1ed39eeb6939b
SSDEEP

6144:tVfjmNmM9FNfmEQqOFZs6NVk+T2L6NTX9loFZe8ZN/ADY10mD46QFCEkUP6r8xlW:L7+mgNZUfk+K6esrKa/zJY1x

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
3328	Logo1_.exe
4348	d5a9bf63c3318fa32861008a7a4ddbc6055edc89fd844c7377bf0cf940c6f49c.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\ky\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\pa\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\th-TH\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\ko-kr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateOnDemand.exe	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxGameOverlay_1.46.11001.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\ko-kr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\ar-ae\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\VisualElements\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\wa\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\sl-SI\View3d\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsPowerShell\Modules\PSReadline\2.0.0\fr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\sl-si\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\ca-es\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\root\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Media Player\Visualizations\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\etc\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_2020.1906.55.0_neutral_~_8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\ro-ro\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\Notifications\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Mozilla Firefox\gmp-clearkey\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\js\nls\it-it\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\ja-jp\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\js\nls\de-de\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\js\nls\de-de\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.8.0_66\jre\lib\cmm\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\jscripts\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Examples\Calculator\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\themes\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\ru-ru\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\en-gb\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\ro-RO\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\sk-sk\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\rhp\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\fr-ma\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\root\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows NT\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\zh-TW\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\ja\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\js\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\de\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\lib\amd64\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\hu\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\lt\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win-scrollbar\themes\dark\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\images\themeless\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\fr-ma\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_11811.1001.18.0_x64__8wekyb3d8bbwe\Store.Purchase\Controls\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\images\themes\dark\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\ro-ro\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\Microsoft Shared\ink\ja-JP\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\TextConv\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\en-il\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\zh-cn\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\home-view\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\rundl132.exe	d5a9bf63c3318fa32861008a7a4ddbc6055edc89fd844c7377bf0cf940c6f49c.exe
File created	C:\Windows\Logo1_.exe	d5a9bf63c3318fa32861008a7a4ddbc6055edc89fd844c7377bf0cf940c6f49c.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\vDll.dll	Logo1_.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
3328	Logo1_.exe
3328	Logo1_.exe
3328	Logo1_.exe
3328	Logo1_.exe
3328	Logo1_.exe
3328	Logo1_.exe
3328	Logo1_.exe
3328	Logo1_.exe
3328	Logo1_.exe
3328	Logo1_.exe
3328	Logo1_.exe
3328	Logo1_.exe
3328	Logo1_.exe
3328	Logo1_.exe
3328	Logo1_.exe
3328	Logo1_.exe
3328	Logo1_.exe
3328	Logo1_.exe
3328	Logo1_.exe
3328	Logo1_.exe

Suspicious use of WriteProcessMemory 17 IoCs

description	pid	Process	procid_target
PID 2964 wrote to memory of 4720	2964	d5a9bf63c3318fa32861008a7a4ddbc6055edc89fd844c7377bf0cf940c6f49c.exe	81
PID 2964 wrote to memory of 4720	2964	d5a9bf63c3318fa32861008a7a4ddbc6055edc89fd844c7377bf0cf940c6f49c.exe	81
PID 2964 wrote to memory of 4720	2964	d5a9bf63c3318fa32861008a7a4ddbc6055edc89fd844c7377bf0cf940c6f49c.exe	81
PID 2964 wrote to memory of 3328	2964	d5a9bf63c3318fa32861008a7a4ddbc6055edc89fd844c7377bf0cf940c6f49c.exe	82
PID 2964 wrote to memory of 3328	2964	d5a9bf63c3318fa32861008a7a4ddbc6055edc89fd844c7377bf0cf940c6f49c.exe	82
PID 2964 wrote to memory of 3328	2964	d5a9bf63c3318fa32861008a7a4ddbc6055edc89fd844c7377bf0cf940c6f49c.exe	82
PID 3328 wrote to memory of 1452	3328	Logo1_.exe	84
PID 3328 wrote to memory of 1452	3328	Logo1_.exe	84
PID 3328 wrote to memory of 1452	3328	Logo1_.exe	84
PID 1452 wrote to memory of 4848	1452	net.exe	86
PID 1452 wrote to memory of 4848	1452	net.exe	86
PID 1452 wrote to memory of 4848	1452	net.exe	86
PID 4720 wrote to memory of 4348	4720	cmd.exe	87
PID 4720 wrote to memory of 4348	4720	cmd.exe	87
PID 4720 wrote to memory of 4348	4720	cmd.exe	87
PID 3328 wrote to memory of 3160	3328	Logo1_.exe	78
PID 3328 wrote to memory of 3160	3328	Logo1_.exe	78

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3160
- C:\Users\Admin\AppData\Local\Temp\d5a9bf63c3318fa32861008a7a4ddbc6055edc89fd844c7377bf0cf940c6f49c.exe
  "C:\Users\Admin\AppData\Local\Temp\d5a9bf63c3318fa32861008a7a4ddbc6055edc89fd844c7377bf0cf940c6f49c.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:2964
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aA613.bat
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4720
  - - C:\Users\Admin\AppData\Local\Temp\d5a9bf63c3318fa32861008a7a4ddbc6055edc89fd844c7377bf0cf940c6f49c.exe
      "C:\Users\Admin\AppData\Local\Temp\d5a9bf63c3318fa32861008a7a4ddbc6055edc89fd844c7377bf0cf940c6f49c.exe"
      4⤵
      Executes dropped EXE
      PID:4348
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3328
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:1452
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        
        PID:4848

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

Filesize
251KB

MD5
70f949437f8aed88d16c0c5c6b3cf68a

SHA1
2a5156ce4fd7777dd7228c6c1dde2a62429a9cbf

SHA256
edb00aa6ab2df3d13b91f5d3985907a017660ef408128f9d41f1e2fc7082b317

SHA512
a3978fab6c45c86b587c89118a3246b81cb0a31aa8cad8cfe48f20bdf837d21e2f171a8f2a23deddd2b109ef96920332c00df9d181a0d8eaa929f62d4b8105b3

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
484KB

MD5
65437d38d0f5451442626518b4483c23

SHA1
d05b7e1e86e91c12f0abbf63a8b26f0eff0582ba

SHA256
79a03a8304aff751158edf3b746611175529f3cdb2aa23050a7b786aa045b8f0

SHA512
80e35aa3a63cb5b58ce99937ee45dea3eb0c0c24f54a20795e25e75e33ff8bd4825bd3aec4fd8868f03e77c161acdd76c30068668dd9b579fab260caef9a9c03

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$aA613.bat

Filesize
722B

MD5
91e7c9fbc85a5f97d6758c3fdcc59260

SHA1
946ae5df5486bed6044bc1afe7501e31c5f0faee

SHA256
b02570b287eedf57491ce39fe6f863cc55384d535b0c49d004067addb1593817

SHA512
53b50e9143db8b267035a275b18b709d48d125e7b81dd7d97e137a76291295932319d5eda3a81f52ba2da4455eda7da3491b64f37ec3648fc51c24a0f7c67408

Download Submit
C:\Users\Admin\AppData\Local\Temp\d5a9bf63c3318fa32861008a7a4ddbc6055edc89fd844c7377bf0cf940c6f49c.exe

Filesize
348KB

MD5
13795541b03505e7c80f16fc77f12469

SHA1
6214648f964de2534d76cff4d7ef72e49407bd34

SHA256
261aba70ce4e95070f0b24ae8720378d17458eb999accc65f983647ece1390b3

SHA512
ab2db2f5164ff380dcbec6e07454c417e1d2e2785e6ce6f9bd0a72d95fdafa3505e197d7814a9cceb8176509623d221f77b86ebf033cdc323ec618a3eb6b3974

Download Submit
C:\Users\Admin\AppData\Local\Temp\d5a9bf63c3318fa32861008a7a4ddbc6055edc89fd844c7377bf0cf940c6f49c.exe.exe

Filesize
348KB

MD5
13795541b03505e7c80f16fc77f12469

SHA1
6214648f964de2534d76cff4d7ef72e49407bd34

SHA256
261aba70ce4e95070f0b24ae8720378d17458eb999accc65f983647ece1390b3

SHA512
ab2db2f5164ff380dcbec6e07454c417e1d2e2785e6ce6f9bd0a72d95fdafa3505e197d7814a9cceb8176509623d221f77b86ebf033cdc323ec618a3eb6b3974

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
ef8ff2cc0bb4a5c582b66fd67eb0190e

SHA1
70112da16e8340aa1fdd57f69462eac7f9a55437

SHA256
5a97f5b1b4e7cfb5f93e41e0cd3d4035f285e58dcf91b22b4f4369aec6822765

SHA512
d176acec787414edd8764bd7bad2b8d017c198f629c02ab6c42083d6db7e8b7bf56d9296b721fb87896472def2772d4fdc04319193adb86d1d263c9c38d164bf

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
ef8ff2cc0bb4a5c582b66fd67eb0190e

SHA1
70112da16e8340aa1fdd57f69462eac7f9a55437

SHA256
5a97f5b1b4e7cfb5f93e41e0cd3d4035f285e58dcf91b22b4f4369aec6822765

SHA512
d176acec787414edd8764bd7bad2b8d017c198f629c02ab6c42083d6db7e8b7bf56d9296b721fb87896472def2772d4fdc04319193adb86d1d263c9c38d164bf

Download Submit
C:\Windows\rundl132.exe

Filesize
26KB

MD5
ef8ff2cc0bb4a5c582b66fd67eb0190e

SHA1
70112da16e8340aa1fdd57f69462eac7f9a55437

SHA256
5a97f5b1b4e7cfb5f93e41e0cd3d4035f285e58dcf91b22b4f4369aec6822765

SHA512
d176acec787414edd8764bd7bad2b8d017c198f629c02ab6c42083d6db7e8b7bf56d9296b721fb87896472def2772d4fdc04319193adb86d1d263c9c38d164bf

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-618519468-4027732583-1827558364-1000\_desktop.ini

Filesize
9B

MD5
ec7139d5bb99bcebaf0b91c58a9ec5aa

SHA1
70404362dd74e309722fd282c3492ec95674123c

SHA256
eb17ae1b1de9e95e0d159893048f2de5c1c158467e768cc0ddbaa517c45e0582

SHA512
b0114d8f74b17836819b750cff2b590b652e04bb2dc0e9dc8bffac7ed66bd9ded03cd35abc7fc0fcd0127a994c283dcd162e97e6dd76f5a903ff59e4951dfc48

Download Submit
memory/2964-12-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2964-0-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3328-19-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3328-33-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3328-38-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3328-42-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3328-27-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3328-1278-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3328-8-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3328-4435-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3328-4810-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download