28d83eb8bb7619d599db8361ca8917c6cb490bf57b33cdc43145f8b0447e7f12

Analysis

max time kernel
149s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
14/06/2024, 23:19

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

28d83eb8bb7619d599db8361ca8917c6cb490bf57b33cdc43145f8b0447e7f12.exe
Size

40KB
MD5

1d2b84f8d068e0a06b3059d67370677a
SHA1

0ff4cc5d331b9a3e2b19ddd299237d93e6e5ba6d
SHA256

28d83eb8bb7619d599db8361ca8917c6cb490bf57b33cdc43145f8b0447e7f12
SHA512

d463518b851a5fda69565627f0d1887ffc086fdc43f08696b799184cb57657e54ea479f5c5118da6ae5ec9e5b3eb1e606a2ed5a290bf48fa503fea3cb7f2f500
SSDEEP

768:pHFc16GVRu1yK9fMnJG2V9dHS8ANlEMi2jpv8vC:pHw3SHuJV9NUNlj958K

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2356	Logo1_.exe
1012	28d83eb8bb7619d599db8361ca8917c6cb490bf57b33cdc43145f8b0447e7f12.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.30251.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\typing\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_11811.1001.18.0_neutral_split.scale-100_8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\themes\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\nb-no\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\it-it\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\MixedRealityPortal.Brokered.exe	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\sl-si\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\pt-br\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\ko-kr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\nl-nl\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\hr-hr\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\zh-cn\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\fr-ma\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\ja-jp\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\ko-kr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\js\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\cs-cz\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\ast\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\nb-no\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\plugins\rhp\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files-select\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\pt-br\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\de-de\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\vi\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Home\contrast-black\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\sl-sl\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\SupplementalDictionaries\en_CA\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\ja\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\gd\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\ru-ru\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\es-es\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Services.Store.Engagement_10.0.18101.0_x86__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\en-ae\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\nb-no\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\js\nls\fi-fi\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\fr-FR\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\root\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\tr-tr\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Defender\de-DE\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\access_output\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Defender\fr-FR\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\it-it\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\110.0.5481.104\MEIPreload\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\kab\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\tr-TR\View3d\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.NET.Native.Runtime.1.7_1.7.25531.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\core\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\files\dev\libs\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\vDll.dll	Logo1_.exe
File created	C:\Windows\rundl132.exe	28d83eb8bb7619d599db8361ca8917c6cb490bf57b33cdc43145f8b0447e7f12.exe
File created	C:\Windows\Logo1_.exe	28d83eb8bb7619d599db8361ca8917c6cb490bf57b33cdc43145f8b0447e7f12.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4220	1012	WerFault.exe	87

Runs net.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
2356	Logo1_.exe
2356	Logo1_.exe
2356	Logo1_.exe
2356	Logo1_.exe
2356	Logo1_.exe
2356	Logo1_.exe
2356	Logo1_.exe
2356	Logo1_.exe
2356	Logo1_.exe
2356	Logo1_.exe
2356	Logo1_.exe
2356	Logo1_.exe
2356	Logo1_.exe
2356	Logo1_.exe
2356	Logo1_.exe
2356	Logo1_.exe
2356	Logo1_.exe
2356	Logo1_.exe
2356	Logo1_.exe
2356	Logo1_.exe

Suspicious use of WriteProcessMemory 17 IoCs

description	pid	Process	procid_target
PID 4896 wrote to memory of 4380	4896	28d83eb8bb7619d599db8361ca8917c6cb490bf57b33cdc43145f8b0447e7f12.exe	81
PID 4896 wrote to memory of 4380	4896	28d83eb8bb7619d599db8361ca8917c6cb490bf57b33cdc43145f8b0447e7f12.exe	81
PID 4896 wrote to memory of 4380	4896	28d83eb8bb7619d599db8361ca8917c6cb490bf57b33cdc43145f8b0447e7f12.exe	81
PID 4896 wrote to memory of 2356	4896	28d83eb8bb7619d599db8361ca8917c6cb490bf57b33cdc43145f8b0447e7f12.exe	82
PID 4896 wrote to memory of 2356	4896	28d83eb8bb7619d599db8361ca8917c6cb490bf57b33cdc43145f8b0447e7f12.exe	82
PID 4896 wrote to memory of 2356	4896	28d83eb8bb7619d599db8361ca8917c6cb490bf57b33cdc43145f8b0447e7f12.exe	82
PID 2356 wrote to memory of 2452	2356	Logo1_.exe	84
PID 2356 wrote to memory of 2452	2356	Logo1_.exe	84
PID 2356 wrote to memory of 2452	2356	Logo1_.exe	84
PID 2452 wrote to memory of 1136	2452	net.exe	86
PID 2452 wrote to memory of 1136	2452	net.exe	86
PID 2452 wrote to memory of 1136	2452	net.exe	86
PID 4380 wrote to memory of 1012	4380	cmd.exe	87
PID 4380 wrote to memory of 1012	4380	cmd.exe	87
PID 4380 wrote to memory of 1012	4380	cmd.exe	87
PID 2356 wrote to memory of 3460	2356	Logo1_.exe	56
PID 2356 wrote to memory of 3460	2356	Logo1_.exe	56

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3460
- C:\Users\Admin\AppData\Local\Temp\28d83eb8bb7619d599db8361ca8917c6cb490bf57b33cdc43145f8b0447e7f12.exe
  "C:\Users\Admin\AppData\Local\Temp\28d83eb8bb7619d599db8361ca8917c6cb490bf57b33cdc43145f8b0447e7f12.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:4896
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a377B.bat
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4380
  - - C:\Users\Admin\AppData\Local\Temp\28d83eb8bb7619d599db8361ca8917c6cb490bf57b33cdc43145f8b0447e7f12.exe
      "C:\Users\Admin\AppData\Local\Temp\28d83eb8bb7619d599db8361ca8917c6cb490bf57b33cdc43145f8b0447e7f12.exe"
      4⤵
      Executes dropped EXE
      PID:1012
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1012 -s 776
        5⤵
        Program crash
        
        PID:4220
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2356
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2452
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        
        PID:1136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1012 -ip 1012
1⤵
PID:4160

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

Filesize
254KB

MD5
6414be365a33e0066dae1212f40e01de

SHA1
aa0f1095a9086fdaa4e76a1502458b0a62df6aea

SHA256
05fc90a578a5395b12f2493d2d81faebdd07884b9ce4338a1d9486dd4dcae695

SHA512
e5503bb8469ad664b0aa840af0f0cb83f43fe8be79bd5c8b89879d50ad3b208b2b714ceee59dbd2be8881db0ee3c36e2f4063180459cbf70f2202aae770f02ac

Download Submit
C:\Program Files\UnlockWatch.exe

Filesize
1.4MB

MD5
6ed89dff96166252928ec948614017ca

SHA1
6d6c4943fb32744d10422a319432892075dc224d

SHA256
22dcbe4633218b23a3eeea6b9e86acf994f0bfca8c60207306280b7704168ef1

SHA512
64f8f119fe0dabf4f4e3061b2807843b65fab5a25aee89bd7e0e7891526c4f61d4db207d595999221b2bfc9f4d0f52e8e316008e0994c8dc43b300f7dbdda9fc

Download Submit
C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe

Filesize
639KB

MD5
c8d281da4c32df16eef470c27c8cb459

SHA1
00efc9f6844bfaa37c264b6452c6a7356638ab10

SHA256
058c81e5a07f2c6c33cf28dff71d07ad8f179046108d945159957e891bfd9c62

SHA512
e3c79e19f620068f668d4ebaa5097f1a95a30dabb8dce75f3787171dddbea9f684fc7ce8d1011a398f38084d7af96dd1ff9a02d25906aab9b13861b8363d24bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a377B.bat

Filesize
722B

MD5
753c37caecd8a175616cb1a7a5e9ea55

SHA1
70d6b411c8a53f28aa206873d071510e77b37524

SHA256
2c1d3f33c93ba26fda6d72fab58a7de8b5e9d34478cd6fa8754dd35020385309

SHA512
12055ab5f11138e850c600d8ae278c0136407aabf29b770535b482efc50a05b03e3bcda4546239266b4c9a31186c943f22f81f3d7be5107621703826af766989

Download Submit
C:\Users\Admin\AppData\Local\Temp\28d83eb8bb7619d599db8361ca8917c6cb490bf57b33cdc43145f8b0447e7f12.exe.exe

Filesize
11KB

MD5
02be6d33b1edbc61c79882d3f556bd8a

SHA1
8d0afa78893ae5f04e505db0d76d0d50cf34e7da

SHA256
4c9f9b9de2ffeea9ccc6524d05ea5b78a14c1642cecc189fe40e7a57a6c294b3

SHA512
39949d9a14a17d7cf31aa222a6547be7663673872d5091a77c64b0cd863e399dcdfbff70443bc9a2c2dccc658a998afc5189469723bb5f4c8adeecab47b07967

Download Submit
C:\Windows\Logo1_.exe

Filesize
29KB

MD5
30b1ef69af461b95b4bc841004fc6dc3

SHA1
bd5a8b12a9a9708221f725478049463fef2cd8f0

SHA256
921368914fba3c4a879328622ab4d117b7d3211e6ed61853a2c455abb3ce09b7

SHA512
554b72cc0dede3023082e221045a361060db9d4181be32e924724c95ea273396c8d58962f1d50718cba9ee83247f0ca6d0143f3401fed5267fdb804bc52df009

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-2447855248-390457009-3660902674-1000\_desktop.ini

Filesize
9B

MD5
03c36dbecb7f35761f80ba5fc5566da6

SHA1
159b7733006187467bda251a1bbb278c141dceb6

SHA256
85a53f5b976fb1c26ce14c31e93c1f68997d2d8b09ab9aa2b7e0d32b8e50ec3b

SHA512
fe573085d2abef34adcede2f89b1c2810875ab00ef9ba27a1d95ed1dbe93e182fc53d981901a0b8048dd4eb5fdc852b8f0e0c3a0e1a404cbbe70e13a7a14104a

Download Submit
memory/1012-19-0x000000007480E000-0x000000007480F000-memory.dmp

Filesize
4KB

Download
memory/1012-20-0x00000000003B0000-0x00000000003B8000-memory.dmp

Filesize
32KB

Download
memory/2356-29-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2356-35-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2356-39-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2356-22-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2356-75-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2356-1235-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2356-4790-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2356-9-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2356-5229-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4896-0-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4896-11-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download