c7a69705350f35a0ad3b43a891c36ac60d91a30d8a762c0a6962e7dfe3a1ed8f

Analysis

max time kernel
149s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
18/04/2024, 03:46

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

c7a69705350f35a0ad3b43a891c36ac60d91a30d8a762c0a6962e7dfe3a1ed8f.exe
Size

1.3MB
MD5

26f01492112c759dd4685bba8b5c4339
SHA1

57492402848a85ccc398970cf98da91a85f4789a
SHA256

c7a69705350f35a0ad3b43a891c36ac60d91a30d8a762c0a6962e7dfe3a1ed8f
SHA512

5bfc97f37ab50816b926591660e955810c161bb99d0ef4626238510951f81c9d466a171f42d9dd93fe212c08638f94dc26e9e828a2851cef2bc7b5ff83100f9e
SSDEEP

24576:a7fEzYGzY3+GdRBuj8k2xGxFYrkcUHcRC8jviDS0:a7MjY3+G1m2YxFYri8jviDN

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
1208	Logo1_.exe
4592	c7a69705350f35a0ad3b43a891c36ac60d91a30d8a762c0a6962e7dfe3a1ed8f.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk-1.8\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\zu\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\de-de\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win8-scrollbar\themes\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\nb-no\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\js\nls\nb-no\_desktop.ini	Logo1_.exe
File created	C:\Program Files\MSBuild\Microsoft\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sq\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ta\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\sk-sk\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\fr-ma\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\ru-ru\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\hu-hu\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\zu\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_neutral_split.scale-125_8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\AppxMetadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\hu-hu\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\Stationery\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\nl-nl\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\he-il\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\pt-br\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\js\nls\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\co\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\sv-se\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\uk-ua\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Collections\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\fi-fi\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\ja-jp\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\contrast-black\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\LTR\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\pl-pl\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\sl-sl\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\an\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Windows.Photos_2019.19071.12548.0_neutral_split.scale-125_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\fr-FR\View3d\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\pt-br\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\ca-es\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\ca-es\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\js\nls\es-es\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\ar-ae\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\da-dk\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\sl-sl\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\en-gb\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Microsoft.Msn.Controls\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\en-gb\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\fr-fr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\he-il\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\cs-cz\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\intf\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\km-KH\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_11811.1001.18.0_neutral_split.scale-100_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_2019.716.2313.0_neutral_~_8wekyb3d8bbwe\_desktop.ini	Logo1_.exe

Drops file in Windows directory 5 IoCs

description	ioc	Process
File created	C:\Windows\rundl132.exe	c7a69705350f35a0ad3b43a891c36ac60d91a30d8a762c0a6962e7dfe3a1ed8f.exe
File created	C:\Windows\Logo1_.exe	c7a69705350f35a0ad3b43a891c36ac60d91a30d8a762c0a6962e7dfe3a1ed8f.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\vDll.dll	Logo1_.exe
File opened for modification	C:\Windows\UNINSTAL.tmp	c7a69705350f35a0ad3b43a891c36ac60d91a30d8a762c0a6962e7dfe3a1ed8f.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Runs net.exe

Suspicious behavior: EnumeratesProcesses 22 IoCs

pid	Process
1208	Logo1_.exe
1208	Logo1_.exe
1208	Logo1_.exe
1208	Logo1_.exe
1208	Logo1_.exe
1208	Logo1_.exe
1208	Logo1_.exe
1208	Logo1_.exe
1208	Logo1_.exe
1208	Logo1_.exe
1208	Logo1_.exe
1208	Logo1_.exe
4592	c7a69705350f35a0ad3b43a891c36ac60d91a30d8a762c0a6962e7dfe3a1ed8f.exe
4592	c7a69705350f35a0ad3b43a891c36ac60d91a30d8a762c0a6962e7dfe3a1ed8f.exe
1208	Logo1_.exe
1208	Logo1_.exe
1208	Logo1_.exe
1208	Logo1_.exe
1208	Logo1_.exe
1208	Logo1_.exe
1208	Logo1_.exe
1208	Logo1_.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4592	c7a69705350f35a0ad3b43a891c36ac60d91a30d8a762c0a6962e7dfe3a1ed8f.exe

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 3540 wrote to memory of 1772	3540	c7a69705350f35a0ad3b43a891c36ac60d91a30d8a762c0a6962e7dfe3a1ed8f.exe	83
PID 3540 wrote to memory of 1772	3540	c7a69705350f35a0ad3b43a891c36ac60d91a30d8a762c0a6962e7dfe3a1ed8f.exe	83
PID 3540 wrote to memory of 1772	3540	c7a69705350f35a0ad3b43a891c36ac60d91a30d8a762c0a6962e7dfe3a1ed8f.exe	83
PID 3540 wrote to memory of 1208	3540	c7a69705350f35a0ad3b43a891c36ac60d91a30d8a762c0a6962e7dfe3a1ed8f.exe	86
PID 3540 wrote to memory of 1208	3540	c7a69705350f35a0ad3b43a891c36ac60d91a30d8a762c0a6962e7dfe3a1ed8f.exe	86
PID 3540 wrote to memory of 1208	3540	c7a69705350f35a0ad3b43a891c36ac60d91a30d8a762c0a6962e7dfe3a1ed8f.exe	86
PID 1208 wrote to memory of 4304	1208	Logo1_.exe	87
PID 1208 wrote to memory of 4304	1208	Logo1_.exe	87
PID 1208 wrote to memory of 4304	1208	Logo1_.exe	87
PID 4304 wrote to memory of 4452	4304	net.exe	89
PID 4304 wrote to memory of 4452	4304	net.exe	89
PID 4304 wrote to memory of 4452	4304	net.exe	89
PID 1772 wrote to memory of 4592	1772	cmd.exe	90
PID 1772 wrote to memory of 4592	1772	cmd.exe	90
PID 1208 wrote to memory of 3388	1208	Logo1_.exe	56
PID 1208 wrote to memory of 3388	1208	Logo1_.exe	56

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3388
- C:\Users\Admin\AppData\Local\Temp\c7a69705350f35a0ad3b43a891c36ac60d91a30d8a762c0a6962e7dfe3a1ed8f.exe
  "C:\Users\Admin\AppData\Local\Temp\c7a69705350f35a0ad3b43a891c36ac60d91a30d8a762c0a6962e7dfe3a1ed8f.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:3540
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a60CD.bat
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1772
  - - C:\Users\Admin\AppData\Local\Temp\c7a69705350f35a0ad3b43a891c36ac60d91a30d8a762c0a6962e7dfe3a1ed8f.exe
      "C:\Users\Admin\AppData\Local\Temp\c7a69705350f35a0ad3b43a891c36ac60d91a30d8a762c0a6962e7dfe3a1ed8f.exe"
      4⤵
      Executes dropped EXE
      Drops file in Windows directory
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of SetWindowsHookEx
      PID:4592
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1208
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:4304
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        
        PID:4452

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

Filesize
251KB

MD5
548ddcade423bdb543717d8073ac88d5

SHA1
0210f769b1b16ae5e569e65e20fafbd12f2d0e04

SHA256
052524488f71bf143183bbf817657f609e226b2830071e8dea7fcede4c0ec052

SHA512
8576336e7eb0b1132dc5c4eef772ba5f9b57844173f17d9c5cf1fbb09afa443313a1675fcd03e028c592ecc59d0f52ea44529c58f721ccfc2bc958ae292bb0b0

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
570KB

MD5
a25ee3592c8e217cde1b3017a57c80c9

SHA1
635e8cedf6e233206d6f261cd70723f2fd06b0c5

SHA256
514daca39828d42cfdbb9bd266895407710979b10cc7eb8d792a7721d2b6cab8

SHA512
457b88f8d4390db5c6212733dcb9aacf0d98862652be4e8e8cc92706eaefe8c0ccbb7b1eaaa7d2b56274978f151f92a14ae6c0de8d2289d1070644d9aa819510

Download Submit
C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe

Filesize
636KB

MD5
53ee62011469b286a2a1b5658c86b9bf

SHA1
9bdac0b23b0a965947c780c6a6b48fc7122f9ade

SHA256
7125735e4e8595f1c17ff3235bc65dacabc2ec874b29ac7ba8eddd80ad10b3c0

SHA512
c9c24e578da0a38048e71548fac66465bcb624e971f745bba559e8c49fd621752e718d4c983a90a97277407bb23348ca109436e1eeebef030c3b599c712ff236

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a60CD.bat

Filesize
722B

MD5
20f6cbfe07b35f2453b40253ba75aa34

SHA1
834d29d7f11d36722963cb159ab17acddca0c770

SHA256
8d9629d7175f5d84afc055e7b0a64d83ccf8b47f95bdd7fb469071569048267c

SHA512
b895db7cc600690336b2cb474e8121ffb41c57d45954af9bdbb416a6d3b0e82e3a73f2ac912f161469dfa40bd4025f944086cc44906becf2fa8acc6cdad1c629

Download Submit
C:\Users\Admin\AppData\Local\Temp\c7a69705350f35a0ad3b43a891c36ac60d91a30d8a762c0a6962e7dfe3a1ed8f.exe.exe

Filesize
1.2MB

MD5
f0cdc40ab2003d0e90c5d65970ff2e01

SHA1
a8cd88192f07136a6d55953883db282e712e9e08

SHA256
e7f2bae55bcd25d60aa46a40ac5f7e748f603374e17db95b52d00e61486f07ce

SHA512
88a3213870b11b2b4f11724785cfd5f7d0f6d449b32fdef59e447bc586941cd632bf34ee1ef4c851274875ec7cf017c19140a25e71385beeca4f3ce5f1752a4c

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
bf432bacde0b936f7fd20c466ec0bfc9

SHA1
aff70b2cb9c409e3b63e7fc33f132441edad86db

SHA256
5d2e80c8e42ad3cf43ca754fb4597753ec8d80fc7d027e11f43536dd2f88d39e

SHA512
c134428f8da55038acf63eaae12357060574e2f062befc57c6a69c6833ab10a4eb08c6f36cd6433de1538f2b5b09ef8bb74acb8235856a5aac024914165c1a1a

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-776854024-226333264-2052258302-1000\_desktop.ini

Filesize
9B

MD5
72b7e38c6ba037d117f32b55c07b1a9c

SHA1
35e2435e512e17ca2be885e17d75913f06b90361

SHA256
e9719e3c653627668046bac84b77097bfb0cd018d68465c17130ed31d6d6eca6

SHA512
2bebd814b81ad2dc547802d42891d833caaad81d004758ec4373f9c7af2971eb822f0a559d2d5d4fca499912fea95e25bab22e92cb0c149d6a4c692eee6ee46a

Download Submit
memory/1208-33-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1208-26-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1208-28-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1208-36-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1208-19-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1208-1227-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1208-4391-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1208-4793-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1208-9-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1208-5113-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1208-5232-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3540-0-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3540-8-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download