Analysis Overview
SHA256
9fd5e3555ea7a4b2d604ac0ad6ec0bffb17fdce7f14d9bb15d18041823a4ec91
Threat Level: Shows suspicious behavior
The file 9fd5e3555ea7a4b2d604ac0ad6ec0bffb17fdce7f14d9bb15d18041823a4ec91 was found to be: Shows suspicious behavior.
Malicious Activity Summary
ASPack v2.12-2.42
Deletes itself
Executes dropped EXE
Loads dropped DLL
Enumerates connected drives
Drops file in Windows directory
Drops file in Program Files directory
Unsigned PE
Suspicious behavior: EnumeratesProcesses
Runs net.exe
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-18 08:20
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-18 08:20
Reported
2024-05-18 08:23
Platform
win7-20240508-en
Max time kernel
150s
Max time network
119s
Command Line
Signatures
ASPack v2.12-2.42
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Logo1_.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\9fd5e3555ea7a4b2d604ac0ad6ec0bffb17fdce7f14d9bb15d18041823a4ec91.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\V: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\Logo1_.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\CONVERT\1033\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\lua\http\requests\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\ink\en-US\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\css\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Internet Explorer\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Windows Journal\en-US\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Templates\1033\Access\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\js\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\Windows Photo Viewer\it-IT\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\es-ES\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\OneNote\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\fy\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\tr\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\js\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\CrashReports\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\Java\jre7\lib\zi\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Games\Multiplayer\Checkers\fr-FR\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Windows Defender\en-US\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\ar\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\LEVEL\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\it-IT\js\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\it-IT\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\PROOF\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\SAMPLES\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\js\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\es-ES\js\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\de-DE\css\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\css\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Wordconv.exe | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Windows NT\TableTextService\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\Java\jre7\lib\zi\America\North_Dakota\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\da\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\js\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\ProjectTool\Project Report Type\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Games\Hearts\it-IT\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\brx\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\am_ET\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\lv\LC_MESSAGES\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\es-ES\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\db\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\css\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\af\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\javadoc.exe | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\Windows Journal\en-US\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\rundl132.exe | C:\Users\Admin\AppData\Local\Temp\9fd5e3555ea7a4b2d604ac0ad6ec0bffb17fdce7f14d9bb15d18041823a4ec91.exe | N/A |
| File created | C:\Windows\Logo1_.exe | C:\Users\Admin\AppData\Local\Temp\9fd5e3555ea7a4b2d604ac0ad6ec0bffb17fdce7f14d9bb15d18041823a4ec91.exe | N/A |
| File opened for modification | C:\Windows\rundl132.exe | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Windows\vDll.dll | C:\Windows\Logo1_.exe | N/A |
Runs net.exe
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Logo1_.exe | N/A |
| N/A | N/A | C:\Windows\Logo1_.exe | N/A |
| N/A | N/A | C:\Windows\Logo1_.exe | N/A |
| N/A | N/A | C:\Windows\Logo1_.exe | N/A |
| N/A | N/A | C:\Windows\Logo1_.exe | N/A |
| N/A | N/A | C:\Windows\Logo1_.exe | N/A |
| N/A | N/A | C:\Windows\Logo1_.exe | N/A |
| N/A | N/A | C:\Windows\Logo1_.exe | N/A |
| N/A | N/A | C:\Windows\Logo1_.exe | N/A |
| N/A | N/A | C:\Windows\Logo1_.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
C:\Users\Admin\AppData\Local\Temp\9fd5e3555ea7a4b2d604ac0ad6ec0bffb17fdce7f14d9bb15d18041823a4ec91.exe
"C:\Users\Admin\AppData\Local\Temp\9fd5e3555ea7a4b2d604ac0ad6ec0bffb17fdce7f14d9bb15d18041823a4ec91.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\$$aF3D.bat
C:\Windows\Logo1_.exe
C:\Windows\Logo1_.exe
C:\Windows\SysWOW64\net.exe
net stop "Kingsoft AntiVirus Service"
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
C:\Users\Admin\AppData\Local\Temp\9fd5e3555ea7a4b2d604ac0ad6ec0bffb17fdce7f14d9bb15d18041823a4ec91.exe
"C:\Users\Admin\AppData\Local\Temp\9fd5e3555ea7a4b2d604ac0ad6ec0bffb17fdce7f14d9bb15d18041823a4ec91.exe"
Network
Files
memory/2008-0-0x0000000000400000-0x0000000000434000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\$$aF3D.bat
| MD5 | c320b22e49923dc2bb44b6a72e03c1a9 |
| SHA1 | a9a01b39ddf2aece71293dab238857275fefcbb9 |
| SHA256 | 67a4680e325f0f520a2f6ef1dff7a21e89254fd5928d1b7d6e1b87ae82492206 |
| SHA512 | fb87c9626d2b07e74a57c0b6e5c5659e7b27d1a637667d27f12165b3be63c380060aab9671f211dbc1488a18486bfe9be828c05f5fbd642d34126d0175aa379d |
memory/2008-12-0x0000000000220000-0x0000000000254000-memory.dmp
C:\Windows\rundl132.exe
| MD5 | dea14af0f9be51fe72d08ec742a4cf0e |
| SHA1 | 716bc3363f0ec0da43a440bd069fad84084c0d2b |
| SHA256 | 5de83cf690c9e6f161d5897b1a29fe7a4c57a0ecee64e0150ae4114bff88e39e |
| SHA512 | 0b428f4fffca17146288f04f7d9197a022afef63cd081ff2146ea02c3db8583ab63193056a7d410cfdd48fb43dc177b7286cd77a25a81ad309ed22415b05a911 |
memory/2008-18-0x0000000000400000-0x0000000000434000-memory.dmp
memory/2008-17-0x0000000000220000-0x0000000000254000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\9fd5e3555ea7a4b2d604ac0ad6ec0bffb17fdce7f14d9bb15d18041823a4ec91.exe.exe
| MD5 | 6211f2cc1e8c6643116424e39fddc3ba |
| SHA1 | 26881aa57c818068c821bba98628f456711baa5a |
| SHA256 | fcae6af423de10636532acc61734e26c1ffb0c52d507a794f6554878517eac98 |
| SHA512 | 13755d92c6d45a51e40c334fe3913c33ed2e85527afea8db36c0fde0a2d00078959b95dcf7686d0dd0e5ab87a1ccbabb872722176e5986272569953f7df54d6a |
memory/3028-28-0x0000000002300000-0x00000000023DB000-memory.dmp
memory/2636-31-0x0000000000400000-0x00000000004DB000-memory.dmp
memory/2636-32-0x00000000003A0000-0x00000000003A1000-memory.dmp
memory/1136-34-0x0000000002520000-0x0000000002521000-memory.dmp
memory/3060-36-0x0000000000400000-0x0000000000434000-memory.dmp
memory/2636-37-0x0000000000400000-0x00000000004DB000-memory.dmp
F:\$RECYCLE.BIN\S-1-5-21-2737914667-933161113-3798636211-1000\_desktop.ini
| MD5 | 1d8a3f28a10f9f8be912b9aa0d257c6f |
| SHA1 | 358ca1e31914fb991e009c945a40796cf465bb50 |
| SHA256 | 3887316b3cbbf3fa224813b5883e0ee043c8422d4f72d4ebdf0ae8a195b40d3e |
| SHA512 | b1ec3f07af4abcdc007ab43a9e685419176d74a6856df9be9085f5bc33178b91b30fc44667fd083d2aa818483b4ea216920fa479ebb277325c7b1e5d7a8caec1 |
memory/3060-44-0x0000000000400000-0x0000000000434000-memory.dmp
memory/3028-46-0x0000000002300000-0x00000000023DB000-memory.dmp
memory/2636-47-0x00000000003A0000-0x00000000003A1000-memory.dmp
memory/3060-56-0x0000000000400000-0x0000000000434000-memory.dmp
memory/3060-102-0x0000000000400000-0x0000000000434000-memory.dmp
memory/3060-110-0x0000000000400000-0x0000000000434000-memory.dmp
memory/3060-888-0x0000000000400000-0x0000000000434000-memory.dmp
memory/3060-1890-0x0000000000400000-0x0000000000434000-memory.dmp
memory/3060-2361-0x0000000000400000-0x0000000000434000-memory.dmp
C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
| MD5 | 533ce215a7c274602dc456ca375cef93 |
| SHA1 | 76c502d7c45eca3fd96f6b04eb850e751bc785dd |
| SHA256 | d70c9f73bbeed5cbc0df4a4d14bae68789f84d8092281337d2919322b288ce9c |
| SHA512 | 09d9dee36c48567921de4b7c31c4a822d5f9ed5e0b1cb0330031b320f40b5ba9b15e89dc37d52561094642c0ff16c14d32e81ed5b1dac06150fefbbd6f3365bf |
memory/3060-3352-0x0000000000400000-0x0000000000434000-memory.dmp
C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
| MD5 | 4cfdb20b04aa239d6f9e83084d5d0a77 |
| SHA1 | f22863e04cc1fd4435f785993ede165bd8245ac6 |
| SHA256 | 30ed17ca6ae530e8bf002bcef6048f94dba4b3b10252308147031f5c86ace1b9 |
| SHA512 | 35b4c2f68a7caa45f2bb14b168947e06831f358e191478a6659b49f30ca6f538dc910fe6067448d5d8af4cb8558825d70f94d4bd67709aee414b2be37d49be86 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-18 08:20
Reported
2024-05-18 08:23
Platform
win10v2004-20240508-en
Max time kernel
150s
Max time network
102s
Command Line
Signatures
ASPack v2.12-2.42
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Logo1_.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\9fd5e3555ea7a4b2d604ac0ad6ec0bffb17fdce7f14d9bb15d18041823a4ec91.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\V: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\Logo1_.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\images\themes\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\pt-br\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\ru-ru\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Internet Explorer\uk-UA\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\oc\LC_MESSAGES\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\RTL\contrast-black\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\sl-SI\View3d\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\ko-kr\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\css\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\js\plugins\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\it-it\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\ku_IQ\LC_MESSAGES\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\de-de\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\email\themes\dark\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\en\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagementSource\de-DE\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\ar-ae\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\plugins\misc\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\fa\LC_MESSAGES\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.30251.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-white\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagementSource\ja-JP\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\sl-sl\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\js\nls\it-it\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\110.0.5481.104\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\Java\jdk-1.8\jre\legal\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\ThankYou\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\root\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\plugins\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\110.0.5481.104\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\ku_IQ\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\RTL\contrast-black\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\app\dev\cef\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\images\themeless\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\home-view\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Assets\Images\contrast-standard\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\zh-cn\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\zh-tw\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\nb-no\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\Update\Install\{878BCDD2-1ABC-4948-8DA1-C8645DF0F833}\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.XboxSpeechToTextOverlay_1.17.29001.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\eu-es\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\nl-nl\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Windows Defender\it-IT\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.Xbox.TCUI_1.23.28002.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\en-gb\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\Mozilla Firefox\uninstall\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.WindowsMaps_2019.716.2316.0_neutral_~_8wekyb3d8bbwe\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\fr-fr\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\root\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\de-de\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\plugins\text_renderer\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Images\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe\loc_archives\en-gb\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\nls\da-dk\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\rundl132.exe | C:\Users\Admin\AppData\Local\Temp\9fd5e3555ea7a4b2d604ac0ad6ec0bffb17fdce7f14d9bb15d18041823a4ec91.exe | N/A |
| File created | C:\Windows\Logo1_.exe | C:\Users\Admin\AppData\Local\Temp\9fd5e3555ea7a4b2d604ac0ad6ec0bffb17fdce7f14d9bb15d18041823a4ec91.exe | N/A |
| File opened for modification | C:\Windows\rundl132.exe | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Windows\vDll.dll | C:\Windows\Logo1_.exe | N/A |
Runs net.exe
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Logo1_.exe | N/A |
| N/A | N/A | C:\Windows\Logo1_.exe | N/A |
| N/A | N/A | C:\Windows\Logo1_.exe | N/A |
| N/A | N/A | C:\Windows\Logo1_.exe | N/A |
| N/A | N/A | C:\Windows\Logo1_.exe | N/A |
| N/A | N/A | C:\Windows\Logo1_.exe | N/A |
| N/A | N/A | C:\Windows\Logo1_.exe | N/A |
| N/A | N/A | C:\Windows\Logo1_.exe | N/A |
| N/A | N/A | C:\Windows\Logo1_.exe | N/A |
| N/A | N/A | C:\Windows\Logo1_.exe | N/A |
| N/A | N/A | C:\Windows\Logo1_.exe | N/A |
| N/A | N/A | C:\Windows\Logo1_.exe | N/A |
| N/A | N/A | C:\Windows\Logo1_.exe | N/A |
| N/A | N/A | C:\Windows\Logo1_.exe | N/A |
| N/A | N/A | C:\Windows\Logo1_.exe | N/A |
| N/A | N/A | C:\Windows\Logo1_.exe | N/A |
| N/A | N/A | C:\Windows\Logo1_.exe | N/A |
| N/A | N/A | C:\Windows\Logo1_.exe | N/A |
| N/A | N/A | C:\Windows\Logo1_.exe | N/A |
| N/A | N/A | C:\Windows\Logo1_.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
C:\Users\Admin\AppData\Local\Temp\9fd5e3555ea7a4b2d604ac0ad6ec0bffb17fdce7f14d9bb15d18041823a4ec91.exe
"C:\Users\Admin\AppData\Local\Temp\9fd5e3555ea7a4b2d604ac0ad6ec0bffb17fdce7f14d9bb15d18041823a4ec91.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a6551.bat
C:\Windows\Logo1_.exe
C:\Windows\Logo1_.exe
C:\Windows\SysWOW64\net.exe
net stop "Kingsoft AntiVirus Service"
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
C:\Users\Admin\AppData\Local\Temp\9fd5e3555ea7a4b2d604ac0ad6ec0bffb17fdce7f14d9bb15d18041823a4ec91.exe
"C:\Users\Admin\AppData\Local\Temp\9fd5e3555ea7a4b2d604ac0ad6ec0bffb17fdce7f14d9bb15d18041823a4ec91.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
Files
memory/1380-0-0x0000000000400000-0x0000000000434000-memory.dmp
memory/1380-9-0x0000000000400000-0x0000000000434000-memory.dmp
C:\Windows\Logo1_.exe
| MD5 | dea14af0f9be51fe72d08ec742a4cf0e |
| SHA1 | 716bc3363f0ec0da43a440bd069fad84084c0d2b |
| SHA256 | 5de83cf690c9e6f161d5897b1a29fe7a4c57a0ecee64e0150ae4114bff88e39e |
| SHA512 | 0b428f4fffca17146288f04f7d9197a022afef63cd081ff2146ea02c3db8583ab63193056a7d410cfdd48fb43dc177b7286cd77a25a81ad309ed22415b05a911 |
memory/4808-10-0x0000000000400000-0x0000000000434000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\$$a6551.bat
| MD5 | 878b791756e9484994b7d26264264cd9 |
| SHA1 | b279aa981603cac4de904308e082b544d1f467ca |
| SHA256 | 4739d718cb76658bdb13eba30e54e328042f5940236304b5ea15c46e83b9181a |
| SHA512 | bf0fa76c33b5fdf37062674fb852c5363b6bc8ad3559ab649f9bba4f2b25e8a45e0307c55daf250d5887830d059a26352fcd5d3213b96adec06084384f96d135 |
C:\Users\Admin\AppData\Local\Temp\9fd5e3555ea7a4b2d604ac0ad6ec0bffb17fdce7f14d9bb15d18041823a4ec91.exe.exe
| MD5 | 6211f2cc1e8c6643116424e39fddc3ba |
| SHA1 | 26881aa57c818068c821bba98628f456711baa5a |
| SHA256 | fcae6af423de10636532acc61734e26c1ffb0c52d507a794f6554878517eac98 |
| SHA512 | 13755d92c6d45a51e40c334fe3913c33ed2e85527afea8db36c0fde0a2d00078959b95dcf7686d0dd0e5ab87a1ccbabb872722176e5986272569953f7df54d6a |
memory/1080-19-0x0000000000400000-0x00000000004DB000-memory.dmp
memory/1080-20-0x00000000009E0000-0x00000000009E1000-memory.dmp
memory/4808-22-0x0000000000400000-0x0000000000434000-memory.dmp
memory/1080-23-0x0000000000400000-0x00000000004DB000-memory.dmp
F:\$RECYCLE.BIN\S-1-5-21-4124900551-4068476067-3491212533-1000\_desktop.ini
| MD5 | 1d8a3f28a10f9f8be912b9aa0d257c6f |
| SHA1 | 358ca1e31914fb991e009c945a40796cf465bb50 |
| SHA256 | 3887316b3cbbf3fa224813b5883e0ee043c8422d4f72d4ebdf0ae8a195b40d3e |
| SHA512 | b1ec3f07af4abcdc007ab43a9e685419176d74a6856df9be9085f5bc33178b91b30fc44667fd083d2aa818483b4ea216920fa479ebb277325c7b1e5d7a8caec1 |
memory/4808-30-0x0000000000400000-0x0000000000434000-memory.dmp
memory/1080-32-0x00000000009E0000-0x00000000009E1000-memory.dmp
memory/4808-39-0x0000000000400000-0x0000000000434000-memory.dmp
memory/4808-45-0x0000000000400000-0x0000000000434000-memory.dmp
C:\Program Files\7-Zip\7z.exe
| MD5 | 599172594ccbf7e52eacdada5ebeba64 |
| SHA1 | c13df28c9018a4af1fef272905fdaf96e3fe9107 |
| SHA256 | e58452e488e9d795720c9cc87014bde55ce227aa5f1462d96191486073ae9b67 |
| SHA512 | a267f13e81362817d0914204a0a3d60e214725b6d2b2a5f0d63a3c48af33e47a73443188c182dcbdba0a9d5f75e797565a9dc72306c9217328807e93d6887626 |
memory/4808-62-0x0000000000400000-0x0000000000434000-memory.dmp
memory/4808-1243-0x0000000000400000-0x0000000000434000-memory.dmp
C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
| MD5 | 533ce215a7c274602dc456ca375cef93 |
| SHA1 | 76c502d7c45eca3fd96f6b04eb850e751bc785dd |
| SHA256 | d70c9f73bbeed5cbc0df4a4d14bae68789f84d8092281337d2919322b288ce9c |
| SHA512 | 09d9dee36c48567921de4b7c31c4a822d5f9ed5e0b1cb0330031b320f40b5ba9b15e89dc37d52561094642c0ff16c14d32e81ed5b1dac06150fefbbd6f3365bf |
memory/4808-4810-0x0000000000400000-0x0000000000434000-memory.dmp
C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe
| MD5 | 2500f702e2b9632127c14e4eaae5d424 |
| SHA1 | 8726fef12958265214eeb58001c995629834b13a |
| SHA256 | 82e5b0001f025ca3b8409c98e4fb06c119c68de1e4ef60a156360cb4ef61d19c |
| SHA512 | f420c62fa1f6897f51dd7a0f0e910fb54ad14d51973a2d4840eeea0448c860bf83493fb1c07be65f731efc39e19f8a99886c8cfd058cee482fe52d255a33a55c |
memory/4808-5251-0x0000000000400000-0x0000000000434000-memory.dmp