201cff169b47cdb925ca24fe47584599281b6ecd0bb65e5960411e93dff7b59d

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
23/10/2023, 07:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

201cff169b47cdb925ca24fe47584599281b6ecd0bb65e5960411e93dff7b59d.exe
Size

116KB
MD5

a625bffbcc9f310a3998ca5ade8f14f4
SHA1

a76829a264359eccc14f4d30db97102234be49e8
SHA256

201cff169b47cdb925ca24fe47584599281b6ecd0bb65e5960411e93dff7b59d
SHA512

1585c30d9b5ae16988c6b1c9ca924bf69b86b2b8b73bc6f235fd7c474db30c5f3628197bae95e22154c8ceaa2a615d950eddd0c580732a2dead218c4572811ec
SSDEEP

3072:BftffjmN3Jo/FQXy+uc//korlDFtNel3kaIFH/B0CyPvO3c0gCajNCg:JVfjmN3Jo/qi+k

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
1196	Logo1_.exe
2112	201cff169b47cdb925ca24fe47584599281b6ecd0bb65e5960411e93dff7b59d.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\en-il\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\js\plugins\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\de-de\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\images\themes\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-100_8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\LTR\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\en-ae\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\sk-sk\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows NT\Accessories\en-US\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\fr-ma\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\pt-br\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\it-it\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\da-dk\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\en\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\nls\da-dk\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\collect_feedback\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\he-il\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\th\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Defender\ja-JP\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\typing\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\fr-ma\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\sk-sk\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\zh-cn\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\pl-pl\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\vi-VN\View3d\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example3.Diagnostics\1.1.1\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\en-US\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Defender\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\an\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\cs-cz\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\js\nls\en-gb\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\en-gb\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\bn_IN\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\kn\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account-select\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\en-gb\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\fr-ma\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\js\nls\it-it\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example3.Diagnostics\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\sl-sl\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\js\nls\en-gb\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Extensions\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\orbd.exe	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\fr-ma\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\ro-ro\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\hu-hu\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\access\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\es-es\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\pl-pl\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Install\{58A0B331-3AF0-4193-878F-F049A00D7980}\MicrosoftEdgeUpdateSetup_X86_1.3.177.11.exe	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\rundl132.exe	201cff169b47cdb925ca24fe47584599281b6ecd0bb65e5960411e93dff7b59d.exe
File created	C:\Windows\Logo1_.exe	201cff169b47cdb925ca24fe47584599281b6ecd0bb65e5960411e93dff7b59d.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\vDll.dll	Logo1_.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
1196	Logo1_.exe
1196	Logo1_.exe
1196	Logo1_.exe
1196	Logo1_.exe
1196	Logo1_.exe
1196	Logo1_.exe
1196	Logo1_.exe
1196	Logo1_.exe
1196	Logo1_.exe
1196	Logo1_.exe
1196	Logo1_.exe
1196	Logo1_.exe
1196	Logo1_.exe
1196	Logo1_.exe
1196	Logo1_.exe
1196	Logo1_.exe
1196	Logo1_.exe
1196	Logo1_.exe
1196	Logo1_.exe
1196	Logo1_.exe

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 4448 wrote to memory of 808	4448	201cff169b47cdb925ca24fe47584599281b6ecd0bb65e5960411e93dff7b59d.exe	85
PID 4448 wrote to memory of 808	4448	201cff169b47cdb925ca24fe47584599281b6ecd0bb65e5960411e93dff7b59d.exe	85
PID 4448 wrote to memory of 808	4448	201cff169b47cdb925ca24fe47584599281b6ecd0bb65e5960411e93dff7b59d.exe	85
PID 4448 wrote to memory of 1196	4448	201cff169b47cdb925ca24fe47584599281b6ecd0bb65e5960411e93dff7b59d.exe	86
PID 4448 wrote to memory of 1196	4448	201cff169b47cdb925ca24fe47584599281b6ecd0bb65e5960411e93dff7b59d.exe	86
PID 4448 wrote to memory of 1196	4448	201cff169b47cdb925ca24fe47584599281b6ecd0bb65e5960411e93dff7b59d.exe	86
PID 1196 wrote to memory of 4892	1196	Logo1_.exe	87
PID 1196 wrote to memory of 4892	1196	Logo1_.exe	87
PID 1196 wrote to memory of 4892	1196	Logo1_.exe	87
PID 4892 wrote to memory of 1648	4892	net.exe	90
PID 4892 wrote to memory of 1648	4892	net.exe	90
PID 4892 wrote to memory of 1648	4892	net.exe	90
PID 808 wrote to memory of 2112	808	cmd.exe	92
PID 808 wrote to memory of 2112	808	cmd.exe	92
PID 1196 wrote to memory of 3256	1196	Logo1_.exe	51
PID 1196 wrote to memory of 3256	1196	Logo1_.exe	51

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3256
- C:\Users\Admin\AppData\Local\Temp\201cff169b47cdb925ca24fe47584599281b6ecd0bb65e5960411e93dff7b59d.exe
  "C:\Users\Admin\AppData\Local\Temp\201cff169b47cdb925ca24fe47584599281b6ecd0bb65e5960411e93dff7b59d.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:4448
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aA5B6.bat
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:808
  - - C:\Users\Admin\AppData\Local\Temp\201cff169b47cdb925ca24fe47584599281b6ecd0bb65e5960411e93dff7b59d.exe
      "C:\Users\Admin\AppData\Local\Temp\201cff169b47cdb925ca24fe47584599281b6ecd0bb65e5960411e93dff7b59d.exe"
      4⤵
      Executes dropped EXE
      PID:2112
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1196
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:4892
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        
        PID:1648

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

Filesize
251KB

MD5
bd68d43c687d28dd7a767928ee356a04

SHA1
683eeecef7f75194de1fc21296a31742351ec07f

SHA256
f50e651f61f0b43219f84425b96bb29d04067158c9a2090824501c128eb322f5

SHA512
d5d8bbc180782a5c648a44003622105904ac4d39018083631d3f56eb9b3ccb2990f7b295670e2920d7420d8ca785311b245ae46cc15d93c18f91fd74d028ddd4

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
484KB

MD5
dd7289d41bdd1d4e797fb59ec03c9ced

SHA1
d42c057bcd13b424abe11adfef721a10d2609288

SHA256
29bc1fa38ad291825d1e2d43db6bca71124243251b52df5b31922ff0f377684e

SHA512
bb2585c9bf1a9e8ab0f393b6e2e24eeea430c4a610ff5912b22b6ac860ba97b05dba5179159343a935bdecccaf1cdc3de03e437f86a0ea988d6e73ce4f832c14

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$aA5B6.bat

Filesize
722B

MD5
0bdf235b86dd154c383f64a7e530e872

SHA1
4edc6100625e36546df0b7bbe70def610ac99c7d

SHA256
ba44298319dd653dbfaea75bbe40879a7f1f83eff5b51663b24e635d7bd7a959

SHA512
ea32c216e6efd13b693ea6e686443ecd7074197f285ddc2774af8995877f3e9dd577bb347e9efca98a44e959c6ea2b4373cca511f42325099f54de9ef65b3396

Download Submit
C:\Users\Admin\AppData\Local\Temp\201cff169b47cdb925ca24fe47584599281b6ecd0bb65e5960411e93dff7b59d.exe

Filesize
90KB

MD5
c8c3b8fb878ce29b75a69219abff4ccf

SHA1
e2e5d4feb0dff20ad1d83f72062f5816d365bc37

SHA256
4656a73e3e8ae7ab4dc9bcdcda922f18787978c758871c9bd51e4340d46e5113

SHA512
70c68e1c770cc806b2d2edf5d40cc86dd1781d8a01849cffc08a511133c1efcf892bd8a56dd4a7f8e307c46b038fff3a309ce9c1d78feb6190347ae6d77d6ad1

Download Submit
C:\Users\Admin\AppData\Local\Temp\201cff169b47cdb925ca24fe47584599281b6ecd0bb65e5960411e93dff7b59d.exe.exe

Filesize
90KB

MD5
c8c3b8fb878ce29b75a69219abff4ccf

SHA1
e2e5d4feb0dff20ad1d83f72062f5816d365bc37

SHA256
4656a73e3e8ae7ab4dc9bcdcda922f18787978c758871c9bd51e4340d46e5113

SHA512
70c68e1c770cc806b2d2edf5d40cc86dd1781d8a01849cffc08a511133c1efcf892bd8a56dd4a7f8e307c46b038fff3a309ce9c1d78feb6190347ae6d77d6ad1

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
2001b3d40d05330d0c289354fd39c442

SHA1
31c0c109110e336da3bdfee62d6986e50be0affd

SHA256
ba1346ea33d2c9d045b75592ce50046974aaf474b530fd4c4d16dbf16cbaf815

SHA512
92847dfb9be7c658b61063cedaf0f7faa51fc8afe4dae11ab4bdfdeb4ad1f8a976f20901d2d8532a60df5ad528dbd907064889412d14370dd17f5e73289cde69

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
2001b3d40d05330d0c289354fd39c442

SHA1
31c0c109110e336da3bdfee62d6986e50be0affd

SHA256
ba1346ea33d2c9d045b75592ce50046974aaf474b530fd4c4d16dbf16cbaf815

SHA512
92847dfb9be7c658b61063cedaf0f7faa51fc8afe4dae11ab4bdfdeb4ad1f8a976f20901d2d8532a60df5ad528dbd907064889412d14370dd17f5e73289cde69

Download Submit
C:\Windows\rundl132.exe

Filesize
26KB

MD5
2001b3d40d05330d0c289354fd39c442

SHA1
31c0c109110e336da3bdfee62d6986e50be0affd

SHA256
ba1346ea33d2c9d045b75592ce50046974aaf474b530fd4c4d16dbf16cbaf815

SHA512
92847dfb9be7c658b61063cedaf0f7faa51fc8afe4dae11ab4bdfdeb4ad1f8a976f20901d2d8532a60df5ad528dbd907064889412d14370dd17f5e73289cde69

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-1873812795-1433807462-1429862679-1000\_desktop.ini

Filesize
10B

MD5
e0b221b9338753deceb4d4e7a6bf13e8

SHA1
56521251ff5aab737b3617dd82eb07df74ad588f

SHA256
3e46e7e2c6c9cf629a9230a5b1c5b196f727959b334cbb517641244ec5c4b065

SHA512
391e4ed4ed44dc677fd663677cb7e69e4c23e4a3629940e46cf757d812395a7876a93c3568d12e5dd99e06b7068e22397694cf54723efa3f0f5789b9687b5810

Download Submit
memory/1196-37-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1196-19-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1196-26-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1196-32-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1196-41-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1196-295-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1196-1084-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1196-3483-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1196-9-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1196-4636-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4448-0-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4448-12-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download