2c835fc4e52bb18b181cde9445d4055f49f4ba6c98f5e359ea5c772b1e2d35e3

Analysis

max time kernel
150s
max time network
127s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
07-10-2023 22:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2c835fc4e52bb18b181cde9445d4055f49f4ba6c98f5e359ea5c772b1e2d35e3.exe
Size

101KB
MD5

c982d024f5ab4d7f44d895db026d1837
SHA1

e1a5d4a20ca2bdeeec9fdde5589bf61b86c2d3b4
SHA256

2c835fc4e52bb18b181cde9445d4055f49f4ba6c98f5e359ea5c772b1e2d35e3
SHA512

2751c2b1581661ae0418329be5cc77bde5016df468ca3ef265130e8f874a9a32be1dd206c16ad68f107127ac784297614e1268b633556d9bdd01fd03e90a4e84
SSDEEP

1536:IefgLdQAQfcfymNz2Go0VeoE4p9nV5Icq+cRXZ2N4xHuF8sQWNe5lb1PW:tftffjmN6GvE4pL4zv2NL6sRe5lxe

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2980	cmd.exe

Executes dropped EXE 3 IoCs

pid	Process
2784	Logo1_.exe
2636	2c835fc4e52bb18b181cde9445d4055f49f4ba6c98f5e359ea5c772b1e2d35e3.exe
2496	2c835fc4e52bb18b181cde9445d4055f49f4ba6c98f5e359ea5c772b1e2d35e3.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\CAGCAT10\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Solutions\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\ProjectTool\Project Report Type\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Templates\1033\Access\WSS\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Defender\es-ES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Extensions\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\sq\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\on_desktop\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\en-US\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\de-DE\js\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\km\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\it\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\7-Zip\7zG.exe	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Games\SpiderSolitaire\de-DE\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\hi\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\fr-FR\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\PROPLUS\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\VSTA\AppInfoDocument\Microsoft.VisualStudio.Tools.Office.AppInfoDocument\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BrightOrange\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Mozilla Firefox\firefox.exe	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\mk\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\uz\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\ProjectTool\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\LISTS\1033\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\FRAR\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\ACCWIZ\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Office\Stationery\1033\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\cs\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\es-ES\js\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\fr-FR\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\de-DE\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\DAO\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\MSEnv\PublicAssemblies\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Games\Multiplayer\Spades\it-IT\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Photo Viewer\de-DE\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office.en-us\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\IRIS\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\Access\DataType\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\de\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\OneNote\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\de-DE\_desktop.ini	Logo1_.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk16\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Microsoft Games\Hearts\it-IT\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\lua\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\de-DE\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\cy\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sv\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\PAGESIZE\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\rundl132.exe	2c835fc4e52bb18b181cde9445d4055f49f4ba6c98f5e359ea5c772b1e2d35e3.exe
File created	C:\Windows\Logo1_.exe	2c835fc4e52bb18b181cde9445d4055f49f4ba6c98f5e359ea5c772b1e2d35e3.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\vDll.dll	Logo1_.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Runs net.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2784	Logo1_.exe
2784	Logo1_.exe
2784	Logo1_.exe
2784	Logo1_.exe
2784	Logo1_.exe
2784	Logo1_.exe
2784	Logo1_.exe
2784	Logo1_.exe
2784	Logo1_.exe
2784	Logo1_.exe

Suspicious use of WriteProcessMemory 18 IoCs

description	pid	Process	procid_target
PID 1448 wrote to memory of 2980	1448	2c835fc4e52bb18b181cde9445d4055f49f4ba6c98f5e359ea5c772b1e2d35e3.exe	28
PID 1448 wrote to memory of 2980	1448	2c835fc4e52bb18b181cde9445d4055f49f4ba6c98f5e359ea5c772b1e2d35e3.exe	28
PID 1448 wrote to memory of 2980	1448	2c835fc4e52bb18b181cde9445d4055f49f4ba6c98f5e359ea5c772b1e2d35e3.exe	28
PID 1448 wrote to memory of 2980	1448	2c835fc4e52bb18b181cde9445d4055f49f4ba6c98f5e359ea5c772b1e2d35e3.exe	28
PID 1448 wrote to memory of 2784	1448	2c835fc4e52bb18b181cde9445d4055f49f4ba6c98f5e359ea5c772b1e2d35e3.exe	29
PID 1448 wrote to memory of 2784	1448	2c835fc4e52bb18b181cde9445d4055f49f4ba6c98f5e359ea5c772b1e2d35e3.exe	29
PID 1448 wrote to memory of 2784	1448	2c835fc4e52bb18b181cde9445d4055f49f4ba6c98f5e359ea5c772b1e2d35e3.exe	29
PID 1448 wrote to memory of 2784	1448	2c835fc4e52bb18b181cde9445d4055f49f4ba6c98f5e359ea5c772b1e2d35e3.exe	29
PID 2784 wrote to memory of 2224	2784	Logo1_.exe	30
PID 2784 wrote to memory of 2224	2784	Logo1_.exe	30
PID 2784 wrote to memory of 2224	2784	Logo1_.exe	30
PID 2784 wrote to memory of 2224	2784	Logo1_.exe	30
PID 2224 wrote to memory of 3036	2224	net.exe	34
PID 2224 wrote to memory of 3036	2224	net.exe	34
PID 2224 wrote to memory of 3036	2224	net.exe	34
PID 2224 wrote to memory of 3036	2224	net.exe	34
PID 2784 wrote to memory of 1428	2784	Logo1_.exe	12
PID 2784 wrote to memory of 1428	2784	Logo1_.exe	12

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1428
- C:\Users\Admin\AppData\Local\Temp\2c835fc4e52bb18b181cde9445d4055f49f4ba6c98f5e359ea5c772b1e2d35e3.exe
  "C:\Users\Admin\AppData\Local\Temp\2c835fc4e52bb18b181cde9445d4055f49f4ba6c98f5e359ea5c772b1e2d35e3.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:1448
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\$$a5B98.bat
    3⤵
    - Deletes itself
    PID:2980
  - - C:\Users\Admin\AppData\Local\Temp\2c835fc4e52bb18b181cde9445d4055f49f4ba6c98f5e359ea5c772b1e2d35e3.exe
      "C:\Users\Admin\AppData\Local\Temp\2c835fc4e52bb18b181cde9445d4055f49f4ba6c98f5e359ea5c772b1e2d35e3.exe"
      4⤵
      Executes dropped EXE
      PID:2636
  - - C:\Users\Admin\AppData\Local\Temp\2c835fc4e52bb18b181cde9445d4055f49f4ba6c98f5e359ea5c772b1e2d35e3.exe
      "C:\Users\Admin\AppData\Local\Temp\2c835fc4e52bb18b181cde9445d4055f49f4ba6c98f5e359ea5c772b1e2d35e3.exe"
      4⤵
      Executes dropped EXE
      PID:2496
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2784
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2224
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        
        PID:3036

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

Filesize
251KB

MD5
a87a63f1d34e67b55a85e09c2e8f3d89

SHA1
f9ddadadd1d9308574b67033db940dfdb128d244

SHA256
0b0a3ef78d63506a36b89358270ff96a9f42b95dc8a55ec917c3dc072d798e57

SHA512
ec60903b3389d30523d04de88ef7f75fc11af018d2e4a7a3656c5148fbbc7dade2fc9f4e1c7875d9760f3eb569305628fa19abc9931a315c171e50b08330aa84

Download Submit
C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe

Filesize
471KB

MD5
99ea9b604a7a734d3087fa6159684c42

SHA1
709fa1068ad4d560fe03e05b68056f1b0bedbfc8

SHA256
3f733f9e6fec7c4165ca8ba41eb23f604a248babe794c4ad2c6c3ce8032aab1c

SHA512
7af8008c7e187f925c62efc97e1891a7a38d089302dba39fbde137fb895e0592847ed0982c824c2075be8e6b95b6ce165ecb848ab85adf53779ebef613410fbb

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a5B98.bat

Filesize
722B

MD5
c3b10b66e56bc5a9e17b0841b956384a

SHA1
415b7c0a95f5fbcd27c50a770ecc1909eaff7a5e

SHA256
4afd8e2e745559b16d6f4ca228d4fe5160358f726a8ae8d1845d7b7233966b42

SHA512
5c72685e07b750accbf48513384f826a671a63d76efa30853482787ddf75fc6e679c127d22396ee629baeb17b32650a1fabe827b26485cebdc2f1e2de71d3f13

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a5B98.bat

Filesize
722B

MD5
c3b10b66e56bc5a9e17b0841b956384a

SHA1
415b7c0a95f5fbcd27c50a770ecc1909eaff7a5e

SHA256
4afd8e2e745559b16d6f4ca228d4fe5160358f726a8ae8d1845d7b7233966b42

SHA512
5c72685e07b750accbf48513384f826a671a63d76efa30853482787ddf75fc6e679c127d22396ee629baeb17b32650a1fabe827b26485cebdc2f1e2de71d3f13

Download Submit
C:\Users\Admin\AppData\Local\Temp\2c835fc4e52bb18b181cde9445d4055f49f4ba6c98f5e359ea5c772b1e2d35e3.exe

Filesize
75KB

MD5
a7851a05e83f42f741a804320c485083

SHA1
b76d2e6eb6d2bf289a5118c908578906851460d0

SHA256
3600ff58fdb37f53562e626fd74d6f4d8d39925d711a96f221bb4aca7992926a

SHA512
eadbfbee79aa0f34b35e0a9c9d717b3c8ac18729df8e52332b696352a2a41d0da37119ab1cb81a10bb7854b930e6479686f8fa8b5a447d48213e3c1c9304ce7b

Download Submit
C:\Users\Admin\AppData\Local\Temp\2c835fc4e52bb18b181cde9445d4055f49f4ba6c98f5e359ea5c772b1e2d35e3.exe

Filesize
75KB

MD5
a7851a05e83f42f741a804320c485083

SHA1
b76d2e6eb6d2bf289a5118c908578906851460d0

SHA256
3600ff58fdb37f53562e626fd74d6f4d8d39925d711a96f221bb4aca7992926a

SHA512
eadbfbee79aa0f34b35e0a9c9d717b3c8ac18729df8e52332b696352a2a41d0da37119ab1cb81a10bb7854b930e6479686f8fa8b5a447d48213e3c1c9304ce7b

Download Submit
C:\Users\Admin\AppData\Local\Temp\2c835fc4e52bb18b181cde9445d4055f49f4ba6c98f5e359ea5c772b1e2d35e3.exe.exe

Filesize
75KB

MD5
a7851a05e83f42f741a804320c485083

SHA1
b76d2e6eb6d2bf289a5118c908578906851460d0

SHA256
3600ff58fdb37f53562e626fd74d6f4d8d39925d711a96f221bb4aca7992926a

SHA512
eadbfbee79aa0f34b35e0a9c9d717b3c8ac18729df8e52332b696352a2a41d0da37119ab1cb81a10bb7854b930e6479686f8fa8b5a447d48213e3c1c9304ce7b

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
af4aa190d08fe222e2be7da523824c9e

SHA1
9f59a5e39bf7efe4bd1514cc0db1953d1dea0358

SHA256
a046ced4dc861dd8a659d24d7c039a139eb407242a7e6c633a9b90f2f90f83f9

SHA512
77437effa4a99c7fba14c926ffed9c13bff8ea1f0ce766587a3327b31f70fd54c67b05b47072afa83cc6c91e2642c8efd78ee1da136deeee6f79f0cd1d51b505

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
af4aa190d08fe222e2be7da523824c9e

SHA1
9f59a5e39bf7efe4bd1514cc0db1953d1dea0358

SHA256
a046ced4dc861dd8a659d24d7c039a139eb407242a7e6c633a9b90f2f90f83f9

SHA512
77437effa4a99c7fba14c926ffed9c13bff8ea1f0ce766587a3327b31f70fd54c67b05b47072afa83cc6c91e2642c8efd78ee1da136deeee6f79f0cd1d51b505

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
af4aa190d08fe222e2be7da523824c9e

SHA1
9f59a5e39bf7efe4bd1514cc0db1953d1dea0358

SHA256
a046ced4dc861dd8a659d24d7c039a139eb407242a7e6c633a9b90f2f90f83f9

SHA512
77437effa4a99c7fba14c926ffed9c13bff8ea1f0ce766587a3327b31f70fd54c67b05b47072afa83cc6c91e2642c8efd78ee1da136deeee6f79f0cd1d51b505

Download Submit
C:\Windows\rundl132.exe

Filesize
26KB

MD5
af4aa190d08fe222e2be7da523824c9e

SHA1
9f59a5e39bf7efe4bd1514cc0db1953d1dea0358

SHA256
a046ced4dc861dd8a659d24d7c039a139eb407242a7e6c633a9b90f2f90f83f9

SHA512
77437effa4a99c7fba14c926ffed9c13bff8ea1f0ce766587a3327b31f70fd54c67b05b47072afa83cc6c91e2642c8efd78ee1da136deeee6f79f0cd1d51b505

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-86725733-3001458681-3405935542-1000\_desktop.ini

Filesize
9B

MD5
7b55ef79e83deff31c4c16ca44427d3d

SHA1
cd86347713b82993e86355d6937d54d08aef56b0

SHA256
c440aca6a410ba6673250517487032636dbb9a73d8287b312a49867b99b81f46

SHA512
1a53953508d74b22c37a81dec6767624bf7ca04cf1aa45f7b7a447e63f86cf6a469c89444f9f4b9d902899f4a005dbd6fa1a82fc432b6cf84b62ced9d31f512e

Download Submit
memory/1428-65-0x00000000027A0000-0x00000000027A1000-memory.dmp

Filesize
4KB

Download
memory/1448-0-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1448-16-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1448-12-0x0000000000440000-0x0000000000474000-memory.dmp

Filesize
208KB

Download
memory/2784-130-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2784-78-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2784-84-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2784-70-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2784-137-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2784-1889-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2784-21-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2784-3349-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2980-59-0x0000000002200000-0x0000000002201000-memory.dmp

Filesize
4KB

Download