94956697c35b9d21fdac9fc8f726997e3587fca64342719c1ae3334a742a572d

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
21/02/2024, 20:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

94956697c35b9d21fdac9fc8f726997e3587fca64342719c1ae3334a742a572d.exe
Size

44KB
MD5

d4fef69072cfc347a36c66220ff58ce1
SHA1

07b8cfa5d6d04d21d4483a6de4934eb0745f1df9
SHA256

94956697c35b9d21fdac9fc8f726997e3587fca64342719c1ae3334a742a572d
SHA512

0991b53164505a44361188d11e83484da5ac42a91ddf1343a7b06be044d47dc2bad39063426e256ec7db6c3b20ad520ebed73aabe1885afd1eb43df0f6c5a58e
SSDEEP

768:7Bv1ODKAaDMG8H92RwZNQSwcfymNBg+g61GoLZLofwNWzRs50Zi9zPR:vfgLdQAQfcfymNFLofgWzRUz5

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
3004	Logo1_.exe
2308	94956697c35b9d21fdac9fc8f726997e3587fca64342719c1ae3334a742a572d.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\requests\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl\Assets\OfflinePages\Scripts\Me\MeControl\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\pt-br\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\nb-no\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\it-it\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCalculator_10.1906.55.0_neutral_split.scale-125_8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Microsoft.Msn.Controls\EndOfLife\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\pt-PT\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Car\LTR\contrast-white\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxGameOverlay_1.46.11001.0_x64__8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\images\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\it-it\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\tr-tr\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\en-ae\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\en-ae\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\js\nls\fr-fr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\MSBuild\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Images\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\models\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\fr-fr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\fi-fi\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\assets\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\pt_PT\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\TrafficHub\contrast-white\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\en-gb\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\js\nls\sv-se\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\BHO\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example3.Diagnostics\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_neutral_~_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\zh-tw\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\en-il\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\ar-ae\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Locales\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\id-ID\View3d\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_neutral_~_8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example3.Diagnostics\2.0.1\Diagnostics\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\sk-sk\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-white\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Lumia.MagicEdit\UserControls\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\zh-tw\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.NET.Native.Runtime.2.2_2.2.27328.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Work\contrast-black\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_2.34.28001.0_x64__8wekyb3d8bbwe\AppxMetadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\pl-pl\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\policy\unlimited\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.30251.0_neutral_split.scale-125_8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Lumia.MagicEdit\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\@1x\themes\dark\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\tr-tr\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\themes\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\zh-cn\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\vDll.dll	Logo1_.exe
File created	C:\Windows\rundl132.exe	94956697c35b9d21fdac9fc8f726997e3587fca64342719c1ae3334a742a572d.exe
File created	C:\Windows\Logo1_.exe	94956697c35b9d21fdac9fc8f726997e3587fca64342719c1ae3334a742a572d.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2716	2308	WerFault.exe	91

Runs net.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
3004	Logo1_.exe
3004	Logo1_.exe
3004	Logo1_.exe
3004	Logo1_.exe
3004	Logo1_.exe
3004	Logo1_.exe
3004	Logo1_.exe
3004	Logo1_.exe
3004	Logo1_.exe
3004	Logo1_.exe
3004	Logo1_.exe
3004	Logo1_.exe
3004	Logo1_.exe
3004	Logo1_.exe
3004	Logo1_.exe
3004	Logo1_.exe
3004	Logo1_.exe
3004	Logo1_.exe
3004	Logo1_.exe
3004	Logo1_.exe

Suspicious use of WriteProcessMemory 17 IoCs

description	pid	Process	procid_target
PID 4684 wrote to memory of 1596	4684	94956697c35b9d21fdac9fc8f726997e3587fca64342719c1ae3334a742a572d.exe	85
PID 4684 wrote to memory of 1596	4684	94956697c35b9d21fdac9fc8f726997e3587fca64342719c1ae3334a742a572d.exe	85
PID 4684 wrote to memory of 1596	4684	94956697c35b9d21fdac9fc8f726997e3587fca64342719c1ae3334a742a572d.exe	85
PID 4684 wrote to memory of 3004	4684	94956697c35b9d21fdac9fc8f726997e3587fca64342719c1ae3334a742a572d.exe	86
PID 4684 wrote to memory of 3004	4684	94956697c35b9d21fdac9fc8f726997e3587fca64342719c1ae3334a742a572d.exe	86
PID 4684 wrote to memory of 3004	4684	94956697c35b9d21fdac9fc8f726997e3587fca64342719c1ae3334a742a572d.exe	86
PID 3004 wrote to memory of 5076	3004	Logo1_.exe	88
PID 3004 wrote to memory of 5076	3004	Logo1_.exe	88
PID 3004 wrote to memory of 5076	3004	Logo1_.exe	88
PID 5076 wrote to memory of 2948	5076	net.exe	90
PID 5076 wrote to memory of 2948	5076	net.exe	90
PID 5076 wrote to memory of 2948	5076	net.exe	90
PID 1596 wrote to memory of 2308	1596	cmd.exe	91
PID 1596 wrote to memory of 2308	1596	cmd.exe	91
PID 1596 wrote to memory of 2308	1596	cmd.exe	91
PID 3004 wrote to memory of 3508	3004	Logo1_.exe	45
PID 3004 wrote to memory of 3508	3004	Logo1_.exe	45

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3508
- C:\Users\Admin\AppData\Local\Temp\94956697c35b9d21fdac9fc8f726997e3587fca64342719c1ae3334a742a572d.exe
  "C:\Users\Admin\AppData\Local\Temp\94956697c35b9d21fdac9fc8f726997e3587fca64342719c1ae3334a742a572d.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:4684
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a5DDF.bat
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1596
  - - C:\Users\Admin\AppData\Local\Temp\94956697c35b9d21fdac9fc8f726997e3587fca64342719c1ae3334a742a572d.exe
      "C:\Users\Admin\AppData\Local\Temp\94956697c35b9d21fdac9fc8f726997e3587fca64342719c1ae3334a742a572d.exe"
      4⤵
      Executes dropped EXE
      PID:2308
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 800
        5⤵
        Program crash
        
        PID:2716
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3004
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:5076
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        
        PID:2948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2308 -ip 2308
1⤵
PID:2520

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

Filesize
251KB

MD5
f7e897352daac85694c089b44de3f54a

SHA1
ad637e5a5fc8954ad2fa39d7594e9046b010d574

SHA256
3bf52fe0c574c2ea394c25b2430435e6bdd238e10cff9ccea1b91f1637ae4dac

SHA512
1895a36db6d8a9391b2d2e54f6217aa5afc92e2d384a8b8d0c08380e493393434ee1b60e493ad29e3c0a005d422b933bfa4d73cf2ecf515f14426b3cb689413a

Download Submit
C:\Program Files\MeasureUnpublish.exe

Filesize
494KB

MD5
da264ff5cc6c5204f12630ec4e144df9

SHA1
d18b516f12b5d5b04dad54ab2b40cd77bf42a232

SHA256
a699a1471baf5a979dd37d080531c135221b53f4f88f8d7beafb3dad9f8d2bc2

SHA512
5c0c6c84bfab4a363fb8bf29b9595daa0724ccc337a5cb81a47ed46ba736f9fc621f25f9b7096d377bed53fad377299e0f4d487cf3b676f3ce0b707f707f5d23

Download Submit
C:\ProgramData\Package Cache\{61087a79-ac85-455c-934d-1fa22cc64f36}\vcredist_x86.exe

Filesize
481KB

MD5
1db5b390daa2d070657fbdb4f5d2cc55

SHA1
77e633e49df484b827080753514cc376749b0ceb

SHA256
d5fbaf5c0d8e313d4dad23b28cac4256c5dbed6ab3b0d797e2971f30c5e095ad

SHA512
68aa0152f5aae79a146c1813915fd16ec5454b285bd1781370923f97d6c147d53684192f7f4161e5c1a340959ec432ecaac127b0abe7d08f70c387e08ee4f617

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a5DDF.bat

Filesize
722B

MD5
0c140a5f42c10b0e49145ff85ea8ee5b

SHA1
41974a4064539745ac718feec8c19986704c7aa8

SHA256
19d8770d24985a98ad123be069307ad8aa2d206bdc539e41b7bb07cbf7e7e7a6

SHA512
238f8596af4f5fe6ae4cbd90a5b6b72efaac6a58ccd2c7f70e223f0f61fbf35b0d7b39aedfc129a44712125006ae9a3a6f2c4eba0f95223c350d4ca0d596144d

Download Submit
C:\Users\Admin\AppData\Local\Temp\94956697c35b9d21fdac9fc8f726997e3587fca64342719c1ae3334a742a572d.exe.exe

Filesize
17KB

MD5
52aeb90ffda1ebca8bd42a1aef07160c

SHA1
537599d33cb291faaf393f8c8c5606e464c0ddc5

SHA256
52afb92c13901e960558661c781d6f33f9463191cac88372789198be27ba640a

SHA512
470e70fa1c7ae76e82d6dfd078b44e4c5dc5b0a0c3cacfd31b3fec5c951b27e4b9f6244523b72d7cb0fd5320f36a16225e03a7326337430724d0c10c2cd192a1

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
197d3bb40f2af7277a4fef58b91f17d4

SHA1
33e404deb5e5c8bea2003ec9c6e866885224b49d

SHA256
58c5dbc5a1badf666e035480826af07d769b70254b54b3d648e90d4f94508971

SHA512
85e9c967ec5299bf5899f0e9ce49e903f958a4cd56dc73a1aba1f9d45b4afb7227d655904325f06d8fdb7337bd265deca868b828f2deec6388a7faad4c226980

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-3316742141-2240921845-2885234760-1000\_desktop.ini

Filesize
9B

MD5
62b5f4cbf35e0811170865d2c1b514b0

SHA1
eb9ab8cea4d5052efe5126141140269f2fc29e7b

SHA256
0c2b516efab7a741c31502cb6f7828de32cd4feb088b683d651225489f183bb3

SHA512
4632536c26324e72b20e87d53546ea1d012bc1f3457ce5d8e1b33dd3eebc41ad5e4a3d3f6a3a542d7ce103f95ca5a5a1973c6c036980f1e8860c6c5d93c5696f

Download Submit
memory/2308-18-0x00000000745D0000-0x0000000074D80000-memory.dmp

Filesize
7.7MB

Download
memory/2308-19-0x00000000006F0000-0x00000000006F8000-memory.dmp

Filesize
32KB

Download
memory/2308-20-0x00000000745D0000-0x0000000074D80000-memory.dmp

Filesize
7.7MB

Download
memory/3004-40-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3004-29-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3004-35-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3004-44-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3004-8-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3004-1006-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3004-1169-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3004-4720-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3004-22-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4684-0-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4684-9-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download