48b50a8aaecf6ebd45fc45a07fe29f50e4428e639466f03b1b9f5d6e96061b18

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
14/03/2024, 15:01

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

48b50a8aaecf6ebd45fc45a07fe29f50e4428e639466f03b1b9f5d6e96061b18.exe
Size

56KB
MD5

fce33554a33007d6cd0bc092b47311ae
SHA1

bb56d59439dede8b06c3f3a27ec5095ddfc9ed30
SHA256

48b50a8aaecf6ebd45fc45a07fe29f50e4428e639466f03b1b9f5d6e96061b18
SHA512

7bf3cddfd7a2ea3747750c0dfe76a068842dbcc4c84546410fbe9e1552a966b46702858e35b941cdb71c57197772f09cb21348833f8796dc6c1ca8590e28b0aa
SSDEEP

1536:MfgLdQAQfcfymNG+KxLztUjVqhhO/Pjghgykga7Cw:MftffjmNoxvtzE3GkRl

Score

7^/10

upx

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2392	Logo1_.exe
4744	48b50a8aaecf6ebd45fc45a07fe29f50e4428e639466f03b1b9f5d6e96061b18.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x00080000000231f9-16.dat	upx
behavioral2/memory/4744-18-0x0000000000400000-0x0000000000414000-memory.dmp	upx
behavioral2/memory/4744-19-0x0000000000400000-0x0000000000414000-memory.dmp	upx

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_neutral_~_8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\es-ES\View3d\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\ro-ro\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\fr-ma\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\plugin2\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\am\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\gu\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sr\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\nl-nl\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_x64__8wekyb3d8bbwe\AppxMetadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\da-DK\View3d\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\fr-fr\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\de-de\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\Notifications\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.SkypeApp_14.53.77.0_neutral_split.scale-125_kzf8qxf38zg5c\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.2_2000.802.31.0_x64__8wekyb3d8bbwe\sr-Latn-RS\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_2019.716.2316.0_neutral_~_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\zh-cn\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Configuration\Registration\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\home-view\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\ug\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\WinMetadata\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\nls\en-gb\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\de-de\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\it-it\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\sl-si\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\fr\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ca\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\sk-sk\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\hu-hu\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\pl-pl\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\it\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\video_splitter\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_neutral_split.scale-200_8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\images\themes\dark\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\uk-ua\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\zh-cn\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\eu-es\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\uk-ua\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Portable Devices\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\people\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.2_2000.802.31.0_x64__8wekyb3d8bbwe\MSIX\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\sl-sl\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\MicrosoftEdgeUpdate.exe	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\de-DE\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.2_2000.802.31.0_x86__8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\LTR\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\it\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Photo Viewer\es-ES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\sv-se\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\hr-hr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\ja-jp\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\da-dk\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\he-il\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\vDll.dll	Logo1_.exe
File created	C:\Windows\rundl132.exe	48b50a8aaecf6ebd45fc45a07fe29f50e4428e639466f03b1b9f5d6e96061b18.exe
File created	C:\Windows\Logo1_.exe	48b50a8aaecf6ebd45fc45a07fe29f50e4428e639466f03b1b9f5d6e96061b18.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
2392	Logo1_.exe
2392	Logo1_.exe
2392	Logo1_.exe
2392	Logo1_.exe
2392	Logo1_.exe
2392	Logo1_.exe
2392	Logo1_.exe
2392	Logo1_.exe
2392	Logo1_.exe
2392	Logo1_.exe
2392	Logo1_.exe
2392	Logo1_.exe
2392	Logo1_.exe
2392	Logo1_.exe
2392	Logo1_.exe
2392	Logo1_.exe
2392	Logo1_.exe
2392	Logo1_.exe
2392	Logo1_.exe
2392	Logo1_.exe

Suspicious use of WriteProcessMemory 17 IoCs

description	pid	Process	procid_target
PID 1344 wrote to memory of 812	1344	48b50a8aaecf6ebd45fc45a07fe29f50e4428e639466f03b1b9f5d6e96061b18.exe	89
PID 1344 wrote to memory of 812	1344	48b50a8aaecf6ebd45fc45a07fe29f50e4428e639466f03b1b9f5d6e96061b18.exe	89
PID 1344 wrote to memory of 812	1344	48b50a8aaecf6ebd45fc45a07fe29f50e4428e639466f03b1b9f5d6e96061b18.exe	89
PID 1344 wrote to memory of 2392	1344	48b50a8aaecf6ebd45fc45a07fe29f50e4428e639466f03b1b9f5d6e96061b18.exe	90
PID 1344 wrote to memory of 2392	1344	48b50a8aaecf6ebd45fc45a07fe29f50e4428e639466f03b1b9f5d6e96061b18.exe	90
PID 1344 wrote to memory of 2392	1344	48b50a8aaecf6ebd45fc45a07fe29f50e4428e639466f03b1b9f5d6e96061b18.exe	90
PID 2392 wrote to memory of 2768	2392	Logo1_.exe	92
PID 2392 wrote to memory of 2768	2392	Logo1_.exe	92
PID 2392 wrote to memory of 2768	2392	Logo1_.exe	92
PID 2768 wrote to memory of 3668	2768	net.exe	94
PID 2768 wrote to memory of 3668	2768	net.exe	94
PID 2768 wrote to memory of 3668	2768	net.exe	94
PID 812 wrote to memory of 4744	812	cmd.exe	95
PID 812 wrote to memory of 4744	812	cmd.exe	95
PID 812 wrote to memory of 4744	812	cmd.exe	95
PID 2392 wrote to memory of 3376	2392	Logo1_.exe	56
PID 2392 wrote to memory of 3376	2392	Logo1_.exe	56

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3376
- C:\Users\Admin\AppData\Local\Temp\48b50a8aaecf6ebd45fc45a07fe29f50e4428e639466f03b1b9f5d6e96061b18.exe
  "C:\Users\Admin\AppData\Local\Temp\48b50a8aaecf6ebd45fc45a07fe29f50e4428e639466f03b1b9f5d6e96061b18.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:1344
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a2E44.bat
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:812
  - - C:\Users\Admin\AppData\Local\Temp\48b50a8aaecf6ebd45fc45a07fe29f50e4428e639466f03b1b9f5d6e96061b18.exe
      "C:\Users\Admin\AppData\Local\Temp\48b50a8aaecf6ebd45fc45a07fe29f50e4428e639466f03b1b9f5d6e96061b18.exe"
      4⤵
      Executes dropped EXE
      PID:4744
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2392
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2768
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        
        PID:3668

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

Filesize
251KB

MD5
d76cd4328b50ee926de42875a5081d61

SHA1
e79b5af0d1e24523fd733a916c797f3a3476dded

SHA256
7830f9e9463895e93633a3b551d795efb3bb6b148478942c60665e9851a3640d

SHA512
4c150a1b562fd2dc4daa2f0fc8644737bae68f1e69a66bb596d96ee1beaefcaca31ae6a4889a93497f9f08df31d1f8669d4a2fa0b6d81f6e27e5b4621d407d4e

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
570KB

MD5
213c84753fa5992ae92dae0cb8f7756a

SHA1
5213298f1fdb35e6c09da228a52fff1b853d92d2

SHA256
eea5d8a44927c501b700a8cfc1e824ed25a1f08d817703ded18b0fe8bb4b4905

SHA512
e17f93780c0f006cfd415efaa8fb1a30e4ef243f7cb86e8d64165ae278663945480dca89271c80fac470a123b25ae86c875d12bdd8ffd6a69f0facd15c916bcf

Download Submit
C:\ProgramData\Package Cache\{61087a79-ac85-455c-934d-1fa22cc64f36}\vcredist_x86.exe

Filesize
481KB

MD5
0c5536c6a3aefefb2d4cc1cfbb729119

SHA1
660b05e7c4543df8ec6d4e80d6c8f3c9d667bf8c

SHA256
297984cb1c691abf3614c0c64ed3ed1b8cbf2e2f2efae02e5392e110a717394c

SHA512
9f833ca254c2e29c8fa9fe95ebeb6d62a686b99dd6597761ffb2797a0b50daa531a483f6047b8bbb059c2f15abe19aa030e67d2c1198624633146d76aebc7da8

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a2E44.bat

Filesize
722B

MD5
c37b922753b2bfdbb430daf59cead578

SHA1
6d2d8834bfc88e116fb5c845042c3d75096530d5

SHA256
7df4d8f0c6c90361f9aa056af649ff8d1dccc0e96521b5fd9313ab39e94d5fd6

SHA512
5751eef3d2279006de7997e3dcaff3a50447a1c1d99e03c588a19d7e9115703637f29133411b4703f4c287627a8d04e2fa00fb06bbb5054eb28b3f902ccedaf3

Download Submit
C:\Users\Admin\AppData\Local\Temp\48b50a8aaecf6ebd45fc45a07fe29f50e4428e639466f03b1b9f5d6e96061b18.exe.exe

Filesize
30KB

MD5
eb501cc7e76645141c537c48c109972b

SHA1
048bd852253133ea17b42c377e6a84ab695b9e41

SHA256
86cc414f88487b0e6af195ab6d23b89e68b87b06abd1c470652ff2f04f9093a2

SHA512
f9028e7137edb2e044596c0bf63072fb0188664d8b5e7f0a809de4a4ef72dc3554639e9a37647608dd8804ef792aede3dcc3b8fe60030594ef22666dad929e27

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
7da2d119f523dd69d8292dc88897a25d

SHA1
e132d9ab79c037320e748f1a3f77e96f250f6da3

SHA256
7d6868a7851699b6ebd4ae19a2863608bbe1444515258470fad991c6e3578ac5

SHA512
f27a14908b4a332feb6d40f480d38dbd28f4c6226f99e203f88c353408bc5bbb21e59bd8e149ee11a6949a2c4b2c1d22535ecf5f5f2f2fa71fb8a8c1a13cd5d2

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-399997616-3400990511-967324271-1000\_desktop.ini

Filesize
9B

MD5
b2c5a70d0c0f7486eb7bcd691664669b

SHA1
0be0eb4afb44c300b16181ffb981db5d2e6563e8

SHA256
3369ac2d9926df9466c914d7bafae58764696319b1584f9f83202267db0f8799

SHA512
5d9ec62e9872989b928f4372fe35a4fec4ab6ae308a2d0191b487cfa1bdca276bb5ac54c7d3ba59d081128dcfb40252e40089e03ca4600ee428714a322628d14

Download Submit
memory/1344-9-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1344-0-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2392-28-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2392-21-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2392-35-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2392-39-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2392-43-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2392-1010-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2392-1177-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2392-1471-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2392-4742-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2392-12-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4744-19-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/4744-18-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download