336e9a72afce3663806bf222928ef44c6c4adfd18d302ece28ae4c260f74ffff

Analysis

max time kernel
149s
max time network
113s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
17/04/2024, 11:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

336e9a72afce3663806bf222928ef44c6c4adfd18d302ece28ae4c260f74ffff.exe
Size

39KB
MD5

2cea0c6a075971886b07f20a5a7a8d18
SHA1

bb994210d2a23811d2e98c25f5b8e92dc344ae5f
SHA256

336e9a72afce3663806bf222928ef44c6c4adfd18d302ece28ae4c260f74ffff
SHA512

6cc95868b7b6858df9be24b868671fc774586e1bb3bdd4fc394973415ac02b06797a6a25d2a4f7e3d3f72843e37792a1a046a8bce4a818bfcd63a4268463d411
SSDEEP

768:p516GVRu1yK9fMnJG2V9dHS8DuHbKn/jGx:pv3SHuJV9NHuHbKSx

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
4108	Logo1_.exe
4704	336e9a72afce3663806bf222928ef44c6c4adfd18d302ece28ae4c260f74ffff.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Windows Media Player\Skins\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows NT\_desktop.ini	Logo1_.exe
File created	C:\Program Files\MSBuild\Microsoft\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Car\LTR\contrast-white\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\ro-ro\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\pt_BR\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxSpeechToTextOverlay_1.17.29001.0_neutral_split.scale-100_8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\hr-hr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\zh-tw\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\java.exe	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\js\nls\root\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\hu-hu\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\pt-br\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\ro-ro\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\LTR\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\zh-tw\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\es-es\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\de-de\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\uk-ua\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\js\nls\nb-no\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\brx\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.30251.0_neutral_split.scale-125_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\stickers\word_art\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Speech\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\en-US\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\sl-sl\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\en-ae\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\eu-es\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\cs-cz\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\Extensions\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\de-DE\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\en-US\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_neutral_~_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_neutral_split.scale-100_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\nl-nl\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\fr-fr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\uk-ua\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxTsr.exe	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\nls\fi-fi\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\nb-no\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\ja-JP\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\AppxMetadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\AppxMetadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\nb-no\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\sl-si\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\it-it\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\ru-ru\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\pl-pl\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\_desktop.ini	Logo1_.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\cs-cz\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\libs\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\Logo1_.exe	336e9a72afce3663806bf222928ef44c6c4adfd18d302ece28ae4c260f74ffff.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\vDll.dll	Logo1_.exe
File created	C:\Windows\rundl132.exe	336e9a72afce3663806bf222928ef44c6c4adfd18d302ece28ae4c260f74ffff.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3088	4704	WerFault.exe	90

Runs net.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
4108	Logo1_.exe
4108	Logo1_.exe
4108	Logo1_.exe
4108	Logo1_.exe
4108	Logo1_.exe
4108	Logo1_.exe
4108	Logo1_.exe
4108	Logo1_.exe
4108	Logo1_.exe
4108	Logo1_.exe
4108	Logo1_.exe
4108	Logo1_.exe
4108	Logo1_.exe
4108	Logo1_.exe
4108	Logo1_.exe
4108	Logo1_.exe
4108	Logo1_.exe
4108	Logo1_.exe
4108	Logo1_.exe
4108	Logo1_.exe

Suspicious use of WriteProcessMemory 17 IoCs

description	pid	Process	procid_target
PID 4896 wrote to memory of 3032	4896	336e9a72afce3663806bf222928ef44c6c4adfd18d302ece28ae4c260f74ffff.exe	84
PID 4896 wrote to memory of 3032	4896	336e9a72afce3663806bf222928ef44c6c4adfd18d302ece28ae4c260f74ffff.exe	84
PID 4896 wrote to memory of 3032	4896	336e9a72afce3663806bf222928ef44c6c4adfd18d302ece28ae4c260f74ffff.exe	84
PID 4896 wrote to memory of 4108	4896	336e9a72afce3663806bf222928ef44c6c4adfd18d302ece28ae4c260f74ffff.exe	85
PID 4896 wrote to memory of 4108	4896	336e9a72afce3663806bf222928ef44c6c4adfd18d302ece28ae4c260f74ffff.exe	85
PID 4896 wrote to memory of 4108	4896	336e9a72afce3663806bf222928ef44c6c4adfd18d302ece28ae4c260f74ffff.exe	85
PID 4108 wrote to memory of 1628	4108	Logo1_.exe	87
PID 4108 wrote to memory of 1628	4108	Logo1_.exe	87
PID 4108 wrote to memory of 1628	4108	Logo1_.exe	87
PID 1628 wrote to memory of 2896	1628	net.exe	89
PID 1628 wrote to memory of 2896	1628	net.exe	89
PID 1628 wrote to memory of 2896	1628	net.exe	89
PID 3032 wrote to memory of 4704	3032	cmd.exe	90
PID 3032 wrote to memory of 4704	3032	cmd.exe	90
PID 3032 wrote to memory of 4704	3032	cmd.exe	90
PID 4108 wrote to memory of 3568	4108	Logo1_.exe	56
PID 4108 wrote to memory of 3568	4108	Logo1_.exe	56

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3568
- C:\Users\Admin\AppData\Local\Temp\336e9a72afce3663806bf222928ef44c6c4adfd18d302ece28ae4c260f74ffff.exe
  "C:\Users\Admin\AppData\Local\Temp\336e9a72afce3663806bf222928ef44c6c4adfd18d302ece28ae4c260f74ffff.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:4896
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a58DE.bat
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3032
  - - C:\Users\Admin\AppData\Local\Temp\336e9a72afce3663806bf222928ef44c6c4adfd18d302ece28ae4c260f74ffff.exe
      "C:\Users\Admin\AppData\Local\Temp\336e9a72afce3663806bf222928ef44c6c4adfd18d302ece28ae4c260f74ffff.exe"
      4⤵
      Executes dropped EXE
      PID:4704
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4704 -s 1016
        5⤵
        Program crash
        
        PID:3088
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4108
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:1628
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        
        PID:2896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 4704 -ip 4704
1⤵
PID:4728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

Filesize
254KB

MD5
4aaa245ff034f0f7748335aab26f0a66

SHA1
892ec26603207dbb1f44ed51e96bddf38e40155b

SHA256
585a81cd9d4bb39b76878de22d22252cfbd331da2cca7ea6e104c923ad6c1b01

SHA512
2260a0364e79f25cb7236491ebe794de23891e7ee83656eef110fe5d2ef6168ccf3b29900a298fefcdee3aaa53dd9860366c34c8a18646b631225ee740af730f

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
573KB

MD5
93034dba7d2bc4bf602048bc84966fa2

SHA1
6d187efddbdb105ab6768f147b43e7c31c3997d0

SHA256
f8f8c2edb724bcdf45802c9f09adcf38b39986e4c11dd6afa0090c972059c757

SHA512
ce2e44f92f88eca02f6d7282e0a8f6d7408aafed42f35037890261d9b28f4fed7be403640c057968e6773001496f97197497e942024cad124900f5dfde072a1c

Download Submit
C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe

Filesize
639KB

MD5
c8d281da4c32df16eef470c27c8cb459

SHA1
00efc9f6844bfaa37c264b6452c6a7356638ab10

SHA256
058c81e5a07f2c6c33cf28dff71d07ad8f179046108d945159957e891bfd9c62

SHA512
e3c79e19f620068f668d4ebaa5097f1a95a30dabb8dce75f3787171dddbea9f684fc7ce8d1011a398f38084d7af96dd1ff9a02d25906aab9b13861b8363d24bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a58DE.bat

Filesize
722B

MD5
ef3f11386930543b01c679a061109080

SHA1
37851ee031e65b560d0a9201f35e4a97de92d3b0

SHA256
653f8099ddddb0b71ad9ea1f0f6ca83471886c4fd34b5e388c018331eec16994

SHA512
b66dec9c52ac5c295d9851ffc32348be52b23d03cc106f32dbc87875c57d5dd2594693d0e3753365cc5664ece17969979f87e1efca3d202dec7ae538bad9b132

Download Submit
C:\Users\Admin\AppData\Local\Temp\336e9a72afce3663806bf222928ef44c6c4adfd18d302ece28ae4c260f74ffff.exe.exe

Filesize
10KB

MD5
67f64a3ef10630d8305944d4c902e73e

SHA1
60ef09c067993aa87fd3dbfc10ae552f75ea4a82

SHA256
663e8961961141247a8a5cd305b7c2d53ab1f8deaebcd60728ab73a0ec52fa79

SHA512
35649265e61ebea7959a1d506298858faeeb0092e1ee1e01d5ceafcb678fbf7aea095de06a746afc41ee9fe0b3c250000cfcdbaea315e118e24a54999cf08b3b

Download Submit
C:\Windows\Logo1_.exe

Filesize
29KB

MD5
c5155b96f66956ca08b4e42147111980

SHA1
e9af8321fd989544d0e429c6b9abc4dade3de3e4

SHA256
6fc7c42e92228d2aec2c4e86f01d0d097f2850053368caf26f9556664025b0e5

SHA512
cfe46fe841ca89f2a22e99baccba837eede7b0697e6a5382c96a5ca760e791a0aa1657187fc513d3e7fff59d13f8f3c8f1b14a56e6b7de07a0a7ac93cc091c28

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-259785868-298165991-4178590326-1000\_desktop.ini

Filesize
9B

MD5
2be02af4dacf3254e321ffba77f0b1c6

SHA1
d8349307ec08d45f2db9c9735bde8f13e27a551d

SHA256
766fe9c47ca710d9a00c08965550ee7de9cba2d32d67e4901e8cec7e33151d16

SHA512
57f61e1b939ed98e6db460ccdbc36a1460b727a99baac0e3b041666dedcef11fcd72a486d91ec7f0ee6e1aec40465719a6a5c22820c28be1066fe12fcd47ddd0

Download Submit
memory/4108-41-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4108-37-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4108-5236-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4108-4797-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4108-24-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4108-12-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4108-31-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4108-1232-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4108-139-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4704-18-0x00000000750C0000-0x0000000075870000-memory.dmp

Filesize
7.7MB

Download
memory/4704-20-0x0000000005B90000-0x0000000006134000-memory.dmp

Filesize
5.6MB

Download
memory/4704-19-0x0000000000C20000-0x0000000000C28000-memory.dmp

Filesize
32KB

Download
memory/4704-22-0x00000000750C0000-0x0000000075870000-memory.dmp

Filesize
7.7MB

Download
memory/4704-21-0x0000000005680000-0x0000000005712000-memory.dmp

Filesize
584KB

Download
memory/4896-0-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4896-8-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download