a6a4f48aed81b08398023bee884be5d245301535ada986dd141217d8965fb8c6

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
25/08/2024, 20:42

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

a6a4f48aed81b08398023bee884be5d245301535ada986dd141217d8965fb8c6.exe
Size

364KB
MD5

2f391c027f2e68aa5f027c4330317c3b
SHA1

a19affcf8b160226b3288ad7bc25519f192c4e5e
SHA256

a6a4f48aed81b08398023bee884be5d245301535ada986dd141217d8965fb8c6
SHA512

401052be46abcf747d4d260c604a46e9172b7ba839860276fdfd3b7b4020c399615503e01a2dd14bd84e8df647f911820cb1139729dc477c0c904aec1b2dde5a
SSDEEP

6144:1uJX2zU66bkWmchVySqkvAH3qo0wWJC6G/SMT4FWqC:nU66b5zhVymA/XSRh

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
3620	Logo1_.exe
4544	a6a4f48aed81b08398023bee884be5d245301535ada986dd141217d8965fb8c6.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\en-gb\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\themes\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\js\nls\es-es\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\cs-cz\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\uk-ua\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\da-dk\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\sl-sl\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Media Player\Media Renderer\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\de-DE\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Transit\contrast-white\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\da-dk\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\it-it\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\ro-ro\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Xbox.TCUI_1.23.28002.0_x64__8wekyb3d8bbwe\AppxMetadata\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\ro-ro\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\root\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\tr-tr\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\js\nls\root\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\default_apps\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\ja-jp\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\en-ae\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\pt-br\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ru-ru\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\libs\jquery.ui.touch-punch\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\it-it\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\de-DE\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\eu-es\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\ru-ru\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\de-de\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\fi-fi\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Mozilla Firefox\private_browsing.exe	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\images\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\de-de\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\da-dk\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\de-de\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\Microsoft Shared\ink\en-US\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\BHO\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Home\LTR\contrast-black\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\zh_CN\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\fr-ma\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\zh-tw\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\assets\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.123\WidevineCdm\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\be\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app-api\dev\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\nl-nl\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\hr-hr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\ca-es\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\typing\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\XboxApp.UI\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\fr-FR\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\vDll.dll	Logo1_.exe
File created	C:\Windows\rundl132.exe	a6a4f48aed81b08398023bee884be5d245301535ada986dd141217d8965fb8c6.exe
File created	C:\Windows\Logo1_.exe	a6a4f48aed81b08398023bee884be5d245301535ada986dd141217d8965fb8c6.exe

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a6a4f48aed81b08398023bee884be5d245301535ada986dd141217d8965fb8c6.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Logo1_.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
3620	Logo1_.exe
3620	Logo1_.exe
3620	Logo1_.exe
3620	Logo1_.exe
3620	Logo1_.exe
3620	Logo1_.exe
3620	Logo1_.exe
3620	Logo1_.exe
3620	Logo1_.exe
3620	Logo1_.exe
3620	Logo1_.exe
3620	Logo1_.exe
3620	Logo1_.exe
3620	Logo1_.exe
3620	Logo1_.exe
3620	Logo1_.exe
3620	Logo1_.exe
3620	Logo1_.exe
3620	Logo1_.exe
3620	Logo1_.exe

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 3536 wrote to memory of 436	3536	a6a4f48aed81b08398023bee884be5d245301535ada986dd141217d8965fb8c6.exe	84
PID 3536 wrote to memory of 436	3536	a6a4f48aed81b08398023bee884be5d245301535ada986dd141217d8965fb8c6.exe	84
PID 3536 wrote to memory of 436	3536	a6a4f48aed81b08398023bee884be5d245301535ada986dd141217d8965fb8c6.exe	84
PID 3536 wrote to memory of 3620	3536	a6a4f48aed81b08398023bee884be5d245301535ada986dd141217d8965fb8c6.exe	85
PID 3536 wrote to memory of 3620	3536	a6a4f48aed81b08398023bee884be5d245301535ada986dd141217d8965fb8c6.exe	85
PID 3536 wrote to memory of 3620	3536	a6a4f48aed81b08398023bee884be5d245301535ada986dd141217d8965fb8c6.exe	85
PID 3620 wrote to memory of 1480	3620	Logo1_.exe	87
PID 3620 wrote to memory of 1480	3620	Logo1_.exe	87
PID 3620 wrote to memory of 1480	3620	Logo1_.exe	87
PID 1480 wrote to memory of 3408	1480	net.exe	89
PID 1480 wrote to memory of 3408	1480	net.exe	89
PID 1480 wrote to memory of 3408	1480	net.exe	89
PID 436 wrote to memory of 4544	436	cmd.exe	90
PID 436 wrote to memory of 4544	436	cmd.exe	90
PID 3620 wrote to memory of 3436	3620	Logo1_.exe	56
PID 3620 wrote to memory of 3436	3620	Logo1_.exe	56

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3436
- C:\Users\Admin\AppData\Local\Temp\a6a4f48aed81b08398023bee884be5d245301535ada986dd141217d8965fb8c6.exe
  "C:\Users\Admin\AppData\Local\Temp\a6a4f48aed81b08398023bee884be5d245301535ada986dd141217d8965fb8c6.exe"
  2⤵
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:3536
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a828E.bat
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:436
  - - C:\Users\Admin\AppData\Local\Temp\a6a4f48aed81b08398023bee884be5d245301535ada986dd141217d8965fb8c6.exe
      "C:\Users\Admin\AppData\Local\Temp\a6a4f48aed81b08398023bee884be5d245301535ada986dd141217d8965fb8c6.exe"
      4⤵
      Executes dropped EXE
      PID:4544
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3620
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious use of WriteProcessMemory
      PID:1480
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3408

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe

Filesize
247KB

MD5
8885e2a153d540adee7c739c4cc5acca

SHA1
1d2b4d05606b9d94a0cd2fe4aed0174cb773e59a

SHA256
09e7d29e1beb9710f1ccc3334f41b90cd3dff247e5a5e60731c5108de35b0d7d

SHA512
acb0abd88b37557ddfa7d8a480f0818d6d919301502c0a493fa310b00264d3dd9cbc2936e31d783ecda5270ff55ec8030430c7a49a8d777e3477c633094981c1

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
573KB

MD5
e263988e3776d0fe50a9a1d8511a131e

SHA1
76cdb2bbab1072cf8a626cb1d93536c6ea23b2a8

SHA256
fbc259cae420b712850fdf5f445c4a315f086cd1ade759d1a7b2662bf8a8d137

SHA512
4bc052f35f3bce4a174ef10880ad1a4768dd98197aa7fedcb271d08957f265b9fa4bd9a222e75378d0a9ce6ce28ed752282b6720bbdb70c406fa8b7cf4157fde

Download Submit
C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe

Filesize
639KB

MD5
07a92bf1a322e697d6db870283c0f9bc

SHA1
11ba917d8d7856ad2d07397850a91199992d20f1

SHA256
1f3ebeb24334223ef1aba7285df0ad2fd0e14a9ecf8e91d9fdc849568a5b0d0c

SHA512
e80b5f34c40bd6db42652cfebff7edf92259861c9d3155d9615a6aaf6eb68d51089d72a27dbaa4e1e31489ba04fe22a09231cf4eecf195945b062a82c3a420f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a828E.bat

Filesize
722B

MD5
36be340bbcd157006cd970b3b03dc96d

SHA1
b60450216a70cbb943d7aea6ce20c0016625a236

SHA256
aeae72fb71b3bd7e497a3d1a22c31405cea64aa16f9e4580935a7fe57b64b6b6

SHA512
8c0057ccc3d30e515ef19a90e86ad4f51ecd48ca3a560086e484622cf9ed2bd4b75b896f20d858deb24273e0e7fe935c045e7a45787c8d6bf72dac11d5970219

Download Submit
C:\Users\Admin\AppData\Local\Temp\a6a4f48aed81b08398023bee884be5d245301535ada986dd141217d8965fb8c6.exe.exe

Filesize
335KB

MD5
40ac62c087648ccc2c58dae066d34c98

SHA1
0e87efb6ddfe59e534ea9e829cad35be8563e5f7

SHA256
482c4c1562490e164d5f17990253373691aa5eab55a81c7f890fe9583a9ea916

SHA512
0c1ff13ff88409d54fee2ceb07fe65135ce2a9aa6f8da51ac0158abb2cfbb3a898ef26f476931986f1367622f21a7c0b0e742d0f4de8be6e215596b0d88c518f

Download Submit
C:\Windows\Logo1_.exe

Filesize
29KB

MD5
1e9396ac5f6e65d6ea2ed013d7ae3502

SHA1
b3041a94d787beb8be5b228f9fdd3278638898f5

SHA256
fa40e5dc8c8a0c6014f260ff497d33ac642cd9dd60120f26a0bdca3b7325f1ed

SHA512
376888fa21b5e12ae68898655b85f9dba91e5c4f9973b70155170fd7a1afff893c94128d4576fd00fe8fc01ca4913150c75f8f27878ebeeb3fc2d5d40c89fb0b

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-523280732-2327480845-3730041215-1000\_desktop.ini

Filesize
9B

MD5
3b9738054ccca70c6388d7fff8327e1b

SHA1
6b4aad0674395fcb7f9b753812caaa48526909e0

SHA256
246c7ef25b50a6cf45e8608f299c75061cc26b42adbd8de22d9fb18d6454bdc1

SHA512
5f1cbd94fdfebec10186820b244fdc6922e177f8de4c049b3544ab101ace859f7ee2915635d5dc91b8e0cc8adca9a9388f7009a72b6ca2a3d35da4a6c923d8ca

Download Submit
memory/3536-10-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3536-0-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3620-27-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3620-37-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3620-33-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3620-545-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3620-1234-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3620-20-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3620-4785-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3620-11-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3620-5230-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download