6ced9b3330ad2c372902c1b38136fc3d0aeccdd1a916c8cfd0a809c1b06648ae

Analysis

max time kernel
150s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
18/04/2024, 02:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6ced9b3330ad2c372902c1b38136fc3d0aeccdd1a916c8cfd0a809c1b06648ae.exe
Size

563KB
MD5

bf16e6d74a05f748114cb53b6f4e7ec4
SHA1

ee9bf89b1864d581f9c7062931e26ab8466fcfdd
SHA256

6ced9b3330ad2c372902c1b38136fc3d0aeccdd1a916c8cfd0a809c1b06648ae
SHA512

e85b42a387dfbc384c768579ada7ad93059de89400cb77cd17fbd56a0cbbab321b9ee8e92dfeab5e3fcd62d873dfa19efb1590f1a20c659a4f398fb3600fc520
SSDEEP

12288:Y7+gLc+Gl3DflwlLrfw+fZdI+eN9K61cNiSvSGtTnOmyMcp7YJhnRw:Y7Dc+qILkOdIdcN/vvtTObMceJhRw

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
4464	Logo1_.exe
5020	6ced9b3330ad2c372902c1b38136fc3d0aeccdd1a916c8cfd0a809c1b06648ae.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\32BitMAPIBroker.exe	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win-scrollbar\themes\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\he-il\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\en-il\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\tr-tr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Configuration\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\af-ZA\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\sk-sk\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ja-jp\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ach\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\keystore\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Multimedia\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\en-il\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\fr-fr\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jre-1.8\bin\server\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\RTL\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\smsconnect\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl\Assets\OfflinePages\Scripts\Me\MeControl\offline\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Snippets\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\sv-se\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\tr-tr\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\nb-no\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagementSource\it-IT\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\lo\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ZuneVideo_10.19071.19011.0_neutral_split.scale-125_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\lo-LA\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\he-il\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\ar-ae\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\en-gb\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\kn\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\capture\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\themes\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\ro-ro\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\kn-IN\View3d\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxApp_48.49.31001.0_neutral_split.scale-200_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\pl-pl\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\js\nls\fi-fi\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\fr-fr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\hrtfs\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_2019.904.1644.0_neutral_~_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_11811.1001.18.0_x64__8wekyb3d8bbwe\_Resources\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\sl-si\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\ro-ro\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Mozilla Firefox\uninstall\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\versions\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Mail\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\fr-CA\View3d\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\resources\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\nl-nl\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\sl-sl\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\pt-br\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Configuration\Schema\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\Assets\Audio\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_neutral_~_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\vDll.dll	Logo1_.exe
File created	C:\Windows\rundl132.exe	6ced9b3330ad2c372902c1b38136fc3d0aeccdd1a916c8cfd0a809c1b06648ae.exe
File created	C:\Windows\Logo1_.exe	6ced9b3330ad2c372902c1b38136fc3d0aeccdd1a916c8cfd0a809c1b06648ae.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
4464	Logo1_.exe
4464	Logo1_.exe
4464	Logo1_.exe
4464	Logo1_.exe
4464	Logo1_.exe
4464	Logo1_.exe
4464	Logo1_.exe
4464	Logo1_.exe
4464	Logo1_.exe
4464	Logo1_.exe
4464	Logo1_.exe
4464	Logo1_.exe
4464	Logo1_.exe
4464	Logo1_.exe
4464	Logo1_.exe
4464	Logo1_.exe
4464	Logo1_.exe
4464	Logo1_.exe
4464	Logo1_.exe
4464	Logo1_.exe

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 3144 wrote to memory of 1244	3144	6ced9b3330ad2c372902c1b38136fc3d0aeccdd1a916c8cfd0a809c1b06648ae.exe	84
PID 3144 wrote to memory of 1244	3144	6ced9b3330ad2c372902c1b38136fc3d0aeccdd1a916c8cfd0a809c1b06648ae.exe	84
PID 3144 wrote to memory of 1244	3144	6ced9b3330ad2c372902c1b38136fc3d0aeccdd1a916c8cfd0a809c1b06648ae.exe	84
PID 3144 wrote to memory of 4464	3144	6ced9b3330ad2c372902c1b38136fc3d0aeccdd1a916c8cfd0a809c1b06648ae.exe	85
PID 3144 wrote to memory of 4464	3144	6ced9b3330ad2c372902c1b38136fc3d0aeccdd1a916c8cfd0a809c1b06648ae.exe	85
PID 3144 wrote to memory of 4464	3144	6ced9b3330ad2c372902c1b38136fc3d0aeccdd1a916c8cfd0a809c1b06648ae.exe	85
PID 4464 wrote to memory of 2764	4464	Logo1_.exe	86
PID 4464 wrote to memory of 2764	4464	Logo1_.exe	86
PID 4464 wrote to memory of 2764	4464	Logo1_.exe	86
PID 2764 wrote to memory of 4996	2764	net.exe	89
PID 2764 wrote to memory of 4996	2764	net.exe	89
PID 2764 wrote to memory of 4996	2764	net.exe	89
PID 1244 wrote to memory of 5020	1244	cmd.exe	91
PID 1244 wrote to memory of 5020	1244	cmd.exe	91
PID 4464 wrote to memory of 3380	4464	Logo1_.exe	56
PID 4464 wrote to memory of 3380	4464	Logo1_.exe	56

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3380
- C:\Users\Admin\AppData\Local\Temp\6ced9b3330ad2c372902c1b38136fc3d0aeccdd1a916c8cfd0a809c1b06648ae.exe
  "C:\Users\Admin\AppData\Local\Temp\6ced9b3330ad2c372902c1b38136fc3d0aeccdd1a916c8cfd0a809c1b06648ae.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:3144
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a76F5.bat
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1244
  - - C:\Users\Admin\AppData\Local\Temp\6ced9b3330ad2c372902c1b38136fc3d0aeccdd1a916c8cfd0a809c1b06648ae.exe
      "C:\Users\Admin\AppData\Local\Temp\6ced9b3330ad2c372902c1b38136fc3d0aeccdd1a916c8cfd0a809c1b06648ae.exe"
      4⤵
      Executes dropped EXE
      PID:5020
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4464
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2764
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        
        PID:4996

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

Filesize
251KB

MD5
02e8a9f4997a06d42734002578ac2add

SHA1
dadaaa1bcd850545f4f17a62afaff7aa6cfa3e2a

SHA256
1ccd4f031805035f1f8e1ca4ff38fa1b37a824f6e43a81337eef2f97ddc8b0f3

SHA512
1e1fde450effc10091ef5805d50dfbc63c15f49b9a3ddd1df1c97fdcedb1670ba03dc2c353f6efd81f5d3a4925dbbb107b34a5f1906943f66813c4d5b5fa53d5

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
570KB

MD5
ac4d3ebef8c73ae9624ef0d04aea7735

SHA1
66c870f823d9aadd1768e908fd2ebbfe231b5fe7

SHA256
31df5a93b81c490d794438679a8ec91bd6e5be776396c964a9055aecf1bc6859

SHA512
3594beb5d4cfa30ae14c986d42e06ed4f05e9b24463f1a9079c7c087ce597ffea36477967cd49ef13da0625c286f9e522e241c35d4f6ccbbf309579952cc6065

Download Submit
C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe

Filesize
636KB

MD5
2500f702e2b9632127c14e4eaae5d424

SHA1
8726fef12958265214eeb58001c995629834b13a

SHA256
82e5b0001f025ca3b8409c98e4fb06c119c68de1e4ef60a156360cb4ef61d19c

SHA512
f420c62fa1f6897f51dd7a0f0e910fb54ad14d51973a2d4840eeea0448c860bf83493fb1c07be65f731efc39e19f8a99886c8cfd058cee482fe52d255a33a55c

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a76F5.bat

Filesize
722B

MD5
bb2e3285bfbedfe5028a7de11802293f

SHA1
fd3d077188aa0090a4fd66848db3d8c96169d4bb

SHA256
6d5f715fee58f8e02e750b4243a5ca4f117c912a55882072bf7b52d26cf31c07

SHA512
afb142189d33dc41cc3b52ff50cb01205d7c99bf8446ed69bb58220c1193ea74329143b019879306de544e973c8cd29afa60f6ec5c636758cca9998950cd639c

Download Submit
C:\Users\Admin\AppData\Local\Temp\6ced9b3330ad2c372902c1b38136fc3d0aeccdd1a916c8cfd0a809c1b06648ae.exe.exe

Filesize
537KB

MD5
eee6800b67e4ce6b023081d9dba3bf63

SHA1
5d72812c2bece8c43ecdcb84fb34f3d7c838eb0e

SHA256
8999f0f948e48667ebd2db8a65bea0dc30f459da5f76f91843675ec083eef7e1

SHA512
7c55f5aa17d25189d1c149e5afe00752787f516ebd52a858c6d12c9973e58be2d5db093b64b34a10147fa74df0afe6ddb2fd86a495739fb3ab51c77c8d5f8240

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
41a1fee41a294452d15bcbdfb5a84c35

SHA1
1b0fadfceb4b51453cd1884d5f859a6cdd68e892

SHA256
446a10f3f850f5c88c16d02ac8bbd8d39e126439836d30740c0e81c8959963e8

SHA512
e6a656cd615bf4fc2c601a6e66c1d04c9f0f56a777569434279e8d539c0ed24e6a6811352f3bcb8cbb35685275e4dd02433ab1082e296391f024f937eed3cc1f

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-4092317236-2027488869-1227795436-1000\_desktop.ini

Filesize
9B

MD5
72b7e38c6ba037d117f32b55c07b1a9c

SHA1
35e2435e512e17ca2be885e17d75913f06b90361

SHA256
e9719e3c653627668046bac84b77097bfb0cd018d68465c17130ed31d6d6eca6

SHA512
2bebd814b81ad2dc547802d42891d833caaad81d004758ec4373f9c7af2971eb822f0a559d2d5d4fca499912fea95e25bab22e92cb0c149d6a4c692eee6ee46a

Download Submit
memory/3144-8-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3144-0-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4464-26-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4464-36-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4464-33-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4464-984-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4464-1061-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4464-1228-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4464-2619-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4464-19-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4464-4794-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4464-12-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download