49baa78921418d08ca49fd808b9ab9916fd90f353e9c709df17ca36ddeecf6c8

Analysis

max time kernel
149s
max time network
101s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
04-05-2024 15:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

49baa78921418d08ca49fd808b9ab9916fd90f353e9c709df17ca36ddeecf6c8.exe
Size

1016KB
MD5

03117ed13fdc04f55c4635cb6abcfcbd
SHA1

a5a95d3a71e7f26f232a2f4fa8f45519a4103f5d
SHA256

49baa78921418d08ca49fd808b9ab9916fd90f353e9c709df17ca36ddeecf6c8
SHA512

85114e9b4b6452b22e3ef5da5ddecae435460ccfab2974899affee9a84aa0510a20afbaea3c0ed47168e06a6a2a9b82f848e57a8057382b088f12b3c2fcacc11
SSDEEP

12288:sRrXcB62E+/E1EbtSf7lJgrOaDnRg0R/NNq+AW+cVQuzHjDjYL1Io:csjc1EWgl1Nw+AWpV/jjK1r

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
3300	Logo1_.exe
4728	49baa78921418d08ca49fd808b9ab9916fd90f353e9c709df17ca36ddeecf6c8.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\collect_feedback\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\js\nls\da-dk\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\es-es\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\js\nls\es-es\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\it-IT\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\en-gb\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\root\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\mr\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\Wide310x150\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Lumia.AppTk.NativeDirect3d.UAP\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Home\RTL\contrast-white\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\nls\nb-no\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\de-de\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\uk-ua\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\tr-tr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\br\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\themes\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\RTL\contrast-white\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\fr-fr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk-1.8\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\es-es\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\zh-cn\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\ko-kr\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Deleted\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\sl-sl\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\hr-hr\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\sl-sl\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\zh-cn\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\en-ae\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_neutral_split.scale-100_8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\uk-ua\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\he-il\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\cs-cz\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\eu-es\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\MSBuild\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PlaceCard\contrast-black\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl\Assets\OfflinePages\Scripts\Me\MeControl\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Xbox.TCUI_1.23.28002.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\en-ae\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\ro-ro\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\it-it\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\WidevineCdm\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ca@valencia\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\nb-no\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\fr-ma\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Install\{C3E3E3FE-58F3-42A4-88BF-9E018DCE4D47}\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\sl-si\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Services.Store.Engagement_10.0.18101.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\zh-cn\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\nl-nl\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\themes\dark\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\sl-si\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\rundl132.exe	49baa78921418d08ca49fd808b9ab9916fd90f353e9c709df17ca36ddeecf6c8.exe
File created	C:\Windows\Logo1_.exe	49baa78921418d08ca49fd808b9ab9916fd90f353e9c709df17ca36ddeecf6c8.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\vDll.dll	Logo1_.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
3300	Logo1_.exe
3300	Logo1_.exe
3300	Logo1_.exe
3300	Logo1_.exe
3300	Logo1_.exe
3300	Logo1_.exe
3300	Logo1_.exe
3300	Logo1_.exe
3300	Logo1_.exe
3300	Logo1_.exe
3300	Logo1_.exe
3300	Logo1_.exe
3300	Logo1_.exe
3300	Logo1_.exe
3300	Logo1_.exe
3300	Logo1_.exe
3300	Logo1_.exe
3300	Logo1_.exe
3300	Logo1_.exe
3300	Logo1_.exe

Suspicious use of WriteProcessMemory 17 IoCs

description	pid	Process	procid_target
PID 4464 wrote to memory of 4408	4464	49baa78921418d08ca49fd808b9ab9916fd90f353e9c709df17ca36ddeecf6c8.exe	84
PID 4464 wrote to memory of 4408	4464	49baa78921418d08ca49fd808b9ab9916fd90f353e9c709df17ca36ddeecf6c8.exe	84
PID 4464 wrote to memory of 4408	4464	49baa78921418d08ca49fd808b9ab9916fd90f353e9c709df17ca36ddeecf6c8.exe	84
PID 4464 wrote to memory of 3300	4464	49baa78921418d08ca49fd808b9ab9916fd90f353e9c709df17ca36ddeecf6c8.exe	86
PID 4464 wrote to memory of 3300	4464	49baa78921418d08ca49fd808b9ab9916fd90f353e9c709df17ca36ddeecf6c8.exe	86
PID 4464 wrote to memory of 3300	4464	49baa78921418d08ca49fd808b9ab9916fd90f353e9c709df17ca36ddeecf6c8.exe	86
PID 3300 wrote to memory of 2548	3300	Logo1_.exe	87
PID 3300 wrote to memory of 2548	3300	Logo1_.exe	87
PID 3300 wrote to memory of 2548	3300	Logo1_.exe	87
PID 2548 wrote to memory of 4236	2548	net.exe	89
PID 2548 wrote to memory of 4236	2548	net.exe	89
PID 2548 wrote to memory of 4236	2548	net.exe	89
PID 4408 wrote to memory of 4728	4408	cmd.exe	90
PID 4408 wrote to memory of 4728	4408	cmd.exe	90
PID 4408 wrote to memory of 4728	4408	cmd.exe	90
PID 3300 wrote to memory of 3488	3300	Logo1_.exe	56
PID 3300 wrote to memory of 3488	3300	Logo1_.exe	56

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3488
- C:\Users\Admin\AppData\Local\Temp\49baa78921418d08ca49fd808b9ab9916fd90f353e9c709df17ca36ddeecf6c8.exe
  "C:\Users\Admin\AppData\Local\Temp\49baa78921418d08ca49fd808b9ab9916fd90f353e9c709df17ca36ddeecf6c8.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:4464
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a4287.bat
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4408
  - - C:\Users\Admin\AppData\Local\Temp\49baa78921418d08ca49fd808b9ab9916fd90f353e9c709df17ca36ddeecf6c8.exe
      "C:\Users\Admin\AppData\Local\Temp\49baa78921418d08ca49fd808b9ab9916fd90f353e9c709df17ca36ddeecf6c8.exe"
      4⤵
      Executes dropped EXE
      PID:4728
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3300
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2548
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        
        PID:4236

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe

Filesize
247KB

MD5
3e82fc720d2afe49b22465755408097c

SHA1
a5a3b7b71704a5401135525b4948d6c33f62d253

SHA256
08e4dd11bd8686ec5b3c22c4db02867478e2e7fe633ccce71f0c67251ca2f788

SHA512
ce05efe6d144f23c93d9d1d6c435b298c447a61ffb2d51ddf995ff6aded8dc0065dd1974d09b89e614ac1e5339693b17897cd3689ee511f195a3395db0ba2322

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
573KB

MD5
0e37c09a90014c1d86b46069f29c4306

SHA1
5348bff8a75861c7943eb931714d246e28f634fc

SHA256
a854618b80799f36f9e7094c450557af93061deab548883fd1b3215cd2f18ca6

SHA512
ebffc1e2bf426874e3eb30a4cd9bf1cf44a4d2f9a89791b81fc1d96d41230a9db3e5451fdea40d4441a7a30261d4b7c0b4c8475846dfc372d2d6e425022226b6

Download Submit
C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe

Filesize
639KB

MD5
135a674588586819116b9a64d9f64719

SHA1
7c4b7384dbc8d88b7e2e420b0bafd67a97679d92

SHA256
14891711e77944290711930de8c62d56e930c07ba61e13b720f0f3be6ecc4cee

SHA512
431c01bf5a5048f487d37d280222e6014c5ad874d269c6d49253f1d49f05b3c53bdabb2084219f58f4f9440ba754a0c4d0f7d078d7ecddf24e653546dae09f11

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a4287.bat

Filesize
722B

MD5
8e5a8681343c47c10712e6c928a21da6

SHA1
ea29c8295cda02dff7d080a0c1861e7813c07d19

SHA256
c83c941d5b9eece3743c61df9c2e4492d2bdb2b131c9d47e8438ce3d7dc70faa

SHA512
1c3bf187781c5bf472d610b312b712da87baff6bda287f6296e86aef7325322993914b095941e17a33c343625e0d66cc242cb82f7bcf0aabb50d5e890007c158

Download Submit
C:\Users\Admin\AppData\Local\Temp\49baa78921418d08ca49fd808b9ab9916fd90f353e9c709df17ca36ddeecf6c8.exe.exe

Filesize
987KB

MD5
3d194286d43f9589f5caa7ada1408e89

SHA1
17587fc5df6c6926a37753a584adb26e6a47760e

SHA256
15a188e3b2ddac28860f4dc8132db282e883ab6880b09f3ad1f150ba5c61b9c3

SHA512
a99c98f8cb386708f76e82348e83bb2be23f38236d597642eb6753030585c96736575a15a4104d39a4ccc3c56e2d888c7b0b2276b47a505f0ec04f8c05b68597

Download Submit
C:\Windows\Logo1_.exe

Filesize
29KB

MD5
13cb5c936526fdd9214907187330462e

SHA1
2d888b3ab837034f725be36681d9e96d8c698353

SHA256
37b8a2d02981de0ebd1837dd624f96d12eb8dbf14fe6648e6322da5463203c47

SHA512
a09ad1a94183b04ed91a7a363031ffc34963d33b09357bf068c142ef561e20fef74fe9e04f34caa129d853c9a49c280b2bd457bcdf374fa748eaddf6fcbf7cea

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-3726321484-1950364574-433157660-1000\_desktop.ini

Filesize
8B

MD5
5979a5ab5d6ce7068aff133101a79c52

SHA1
8ec7729d3782fc978cc50f9b3217fc8309ae7733

SHA256
6b009cde89047fc55503dc0b3649d341e98320a0438d044bc8fb068d0c919ef1

SHA512
213c10a6b5b394b2736619ed0418ba715e643dfa08b5827757dd64b1718ddec6a44822ff4b192bd594997cc13bc2027d03c029537ed2f12591b370ec1f242f2d

Download Submit
memory/3300-29-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3300-22-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3300-35-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3300-39-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3300-49-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3300-1240-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3300-4803-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3300-11-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3300-5266-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4464-0-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4464-9-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4728-20-0x0000000000400000-0x00000000004D4000-memory.dmp

Filesize
848KB

Download
memory/4728-19-0x0000000000400000-0x00000000004D4000-memory.dmp

Filesize
848KB

Download