98b30cb433d32005907f630c8daff3939d9b5651316d9702cbec5d76cc3faab6

Analysis

max time kernel
150s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
11/08/2024, 22:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

98b30cb433d32005907f630c8daff3939d9b5651316d9702cbec5d76cc3faab6.exe
Size

228KB
MD5

53700c97ae8b4346d21d4757db904d6e
SHA1

e05ffd3daa5951d4f60c635734ed842011b26ca9
SHA256

98b30cb433d32005907f630c8daff3939d9b5651316d9702cbec5d76cc3faab6
SHA512

aaf774ea0f683a441e4136209e5b4fe59f745be812e56545bfd5b497262d3767c19e93180150b90873047c42303be849ef4f69d582235210e11ebc6f43cefb5a
SSDEEP

3072:HftffjmNOglk9hVQNR44tl5uCmR4MKz89g5kL42EnE:/VfjmNOglk9hVQNR4uKR4lHrE

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2880	Logo1_.exe
4320	98b30cb433d32005907f630c8daff3939d9b5651316d9702cbec5d76cc3faab6.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\it-IT\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\VC\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\js\nls\sv-se\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Photo Viewer\de-DE\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\lua\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-100_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\uk-ua\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\cs-cz\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account-select\js\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\js\plugins\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Google\Update\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\themes\dark\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\ru-ru\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.195.15\MicrosoftEdgeUpdateSetup.exe	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\ko-kr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\en-ae\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\fi-fi\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\de-de\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\root\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\fr-fr\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\nl-nl\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\lg\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-white\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\zh-tw\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\pt-br\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\ko-kr\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\hu-hu\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\es-es\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\nb-no\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\sv-se\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\swiftshader\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft.NET\RedistList\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Wallet_2.4.18324.0_x64__8wekyb3d8bbwe\images\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Car\RTL\contrast-white\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\is\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\pt-br\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\ru-ru\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_proxy\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\amd64\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\pstn\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Xbox.TCUI_1.23.28002.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\ar-ae\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\da-dk\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jinfo.exe	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\Json\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\cy\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\ru-ru\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\en-us\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\Microsoft Shared\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\tr-tr\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\it-it\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\js\nls\en-gb\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\da-dk\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\vDll.dll	Logo1_.exe
File created	C:\Windows\rundl132.exe	98b30cb433d32005907f630c8daff3939d9b5651316d9702cbec5d76cc3faab6.exe
File created	C:\Windows\Logo1_.exe	98b30cb433d32005907f630c8daff3939d9b5651316d9702cbec5d76cc3faab6.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	98b30cb433d32005907f630c8daff3939d9b5651316d9702cbec5d76cc3faab6.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Logo1_.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 22 IoCs

pid	Process
2880	Logo1_.exe
2880	Logo1_.exe
2880	Logo1_.exe
2880	Logo1_.exe
2880	Logo1_.exe
2880	Logo1_.exe
2880	Logo1_.exe
2880	Logo1_.exe
2880	Logo1_.exe
2880	Logo1_.exe
2880	Logo1_.exe
2880	Logo1_.exe
4320	98b30cb433d32005907f630c8daff3939d9b5651316d9702cbec5d76cc3faab6.exe
4320	98b30cb433d32005907f630c8daff3939d9b5651316d9702cbec5d76cc3faab6.exe
2880	Logo1_.exe
2880	Logo1_.exe
2880	Logo1_.exe
2880	Logo1_.exe
2880	Logo1_.exe
2880	Logo1_.exe
2880	Logo1_.exe
2880	Logo1_.exe

Suspicious use of WriteProcessMemory 17 IoCs

description	pid	Process	procid_target
PID 4104 wrote to memory of 3444	4104	98b30cb433d32005907f630c8daff3939d9b5651316d9702cbec5d76cc3faab6.exe	83
PID 4104 wrote to memory of 3444	4104	98b30cb433d32005907f630c8daff3939d9b5651316d9702cbec5d76cc3faab6.exe	83
PID 4104 wrote to memory of 3444	4104	98b30cb433d32005907f630c8daff3939d9b5651316d9702cbec5d76cc3faab6.exe	83
PID 4104 wrote to memory of 2880	4104	98b30cb433d32005907f630c8daff3939d9b5651316d9702cbec5d76cc3faab6.exe	84
PID 4104 wrote to memory of 2880	4104	98b30cb433d32005907f630c8daff3939d9b5651316d9702cbec5d76cc3faab6.exe	84
PID 4104 wrote to memory of 2880	4104	98b30cb433d32005907f630c8daff3939d9b5651316d9702cbec5d76cc3faab6.exe	84
PID 2880 wrote to memory of 4744	2880	Logo1_.exe	86
PID 2880 wrote to memory of 4744	2880	Logo1_.exe	86
PID 2880 wrote to memory of 4744	2880	Logo1_.exe	86
PID 4744 wrote to memory of 3532	4744	net.exe	88
PID 4744 wrote to memory of 3532	4744	net.exe	88
PID 4744 wrote to memory of 3532	4744	net.exe	88
PID 3444 wrote to memory of 4320	3444	cmd.exe	89
PID 3444 wrote to memory of 4320	3444	cmd.exe	89
PID 3444 wrote to memory of 4320	3444	cmd.exe	89
PID 2880 wrote to memory of 3436	2880	Logo1_.exe	56
PID 2880 wrote to memory of 3436	2880	Logo1_.exe	56

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3436
- C:\Users\Admin\AppData\Local\Temp\98b30cb433d32005907f630c8daff3939d9b5651316d9702cbec5d76cc3faab6.exe
  "C:\Users\Admin\AppData\Local\Temp\98b30cb433d32005907f630c8daff3939d9b5651316d9702cbec5d76cc3faab6.exe"
  2⤵
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:4104
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a7ACD.bat
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:3444
  - - C:\Users\Admin\AppData\Local\Temp\98b30cb433d32005907f630c8daff3939d9b5651316d9702cbec5d76cc3faab6.exe
      "C:\Users\Admin\AppData\Local\Temp\98b30cb433d32005907f630c8daff3939d9b5651316d9702cbec5d76cc3faab6.exe"
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      PID:4320
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2880
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious use of WriteProcessMemory
      PID:4744
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3532

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe

Filesize
244KB

MD5
b2bbeedfe4ff37a75acfe1b05c6ce0d2

SHA1
66acd5d70a811f952046942eb1341e288698d9c3

SHA256
a5a0ecd95ad313f7ca49805d693e888d25a64ab2ab2b7368b2b8f20979628e63

SHA512
745287c22b080e1e97dac10cb67507eaa2ed61287dffd2acbb3d543d9865de87d79d9e4d91e90cceeb8609a9c2f7dd83ec80f001a998c8241ac9d7146f82da45

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
570KB

MD5
ab1f0824d456e1b068b1792af73bc2cb

SHA1
cd8965d9e0022007e535fdb338142b18373bae04

SHA256
70b0ec088ab5bfaea3655ad85797f8316d0676d9f0fa06e71cc2a35598a00e76

SHA512
221acc79f2f5ddfefff77bfe1c53bcd44c528e838584d4597ad0ce9b326a457b9455b9b470575de1f92c26dc1f3399430644674334d7bb57cf333b0ce477a0ef

Download Submit
C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe

Filesize
636KB

MD5
53ee62011469b286a2a1b5658c86b9bf

SHA1
9bdac0b23b0a965947c780c6a6b48fc7122f9ade

SHA256
7125735e4e8595f1c17ff3235bc65dacabc2ec874b29ac7ba8eddd80ad10b3c0

SHA512
c9c24e578da0a38048e71548fac66465bcb624e971f745bba559e8c49fd621752e718d4c983a90a97277407bb23348ca109436e1eeebef030c3b599c712ff236

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a7ACD.bat

Filesize
722B

MD5
0880e1e3b3a04e4153cc75df0f214387

SHA1
ae12ab09b83f9f147f001a873d09f8de2ea42925

SHA256
7d9bcb2d29109090c28dba757e04a12cc302b4a0a69a6f5b9c52b8da5fe49862

SHA512
05360e5250e37b6ff20be61077a6f756392a234d019b8d7d717ed9807f500f0573cdb8e759ecb17e4a1d4751919bcee358f7026c1a05744820bc200ecfe1abda

Download Submit
C:\Users\Admin\AppData\Local\Temp\98b30cb433d32005907f630c8daff3939d9b5651316d9702cbec5d76cc3faab6.exe.exe

Filesize
201KB

MD5
ac61de6c9c8a41c134e9b4302edac42f

SHA1
e1b94b71ab4e55108434c424def60b8036ca95f7

SHA256
240b4a23f829ec05943cb160ab911856e7a7893506e74f3ec4a51867a39c4ab1

SHA512
f28a219f9c30fef89aabe6f4998e0bef87a3ab71f9a7d0b4a3460839bbb3635aed637e7b53d2badec3353d8aec11c36a614d8a20991e1a3ec1960495173b6ff7

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
3d17ef9d5f75b01b3bd4a753a0803d09

SHA1
35141385960bea6a36106c36814c887d541d8d6c

SHA256
fb150d38c855e388f8270719a6aca974b4085c58e2b4221951ec1f9c826be2c3

SHA512
6caa17424e19d42b415c8e842c36e43242efbea92752061cf8e3368ba375ef4c3e71c68ac3373c00a2c6783fecc526f570566b40c675f5e8c833fe8dc89b7c0d

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-1302416131-1437503476-2806442725-1000\_desktop.ini

Filesize
9B

MD5
79a2fb76ad00a8ac07f11b6a179f5297

SHA1
72b4f589fd7945d8c80b370d1d3a1f2467f3eb81

SHA256
2f723e98c3a3556269a4d81d4a27d6a0ab13a84c5ba737493c07354a2608684f

SHA512
3a21c2e60e8e035fb90d428e86bb927077d8354a16f1abc291ccba4a4d7fee4f51cf781fa9202e5602a88ca70a6ba264ac49762100be5f6e09a2ec930e098168

Download Submit
memory/2880-26-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2880-32-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2880-36-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2880-19-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2880-1232-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2880-8-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2880-4791-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2880-5236-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4104-0-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4104-10-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download