Analysis
max time kernel
150s
max time network
122s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags
arch:x64 arch:x86 image:win10v2004-20240802-en locale:en-us os:windows10-2004-x64 system
submitted
26/08/2024, 06:09
Static task
static1
Behavioral task
behavioral1
Sample
05d6b69f9bf9b8bb18c855fcc6c5bb1c9935b4df30fa8a158ee8c5e4a820ba17.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
05d6b69f9bf9b8bb18c855fcc6c5bb1c9935b4df30fa8a158ee8c5e4a820ba17.exe
Resource
win10v2004-20240802-en
General
Target
05d6b69f9bf9b8bb18c855fcc6c5bb1c9935b4df30fa8a158ee8c5e4a820ba17.exe
Size
244KB
MD5
3a5178552f3e49a9152d91ebbedfb177
SHA1
579c5230d4a7f77c76791f9d44830f81a9d94181
SHA256
05d6b69f9bf9b8bb18c855fcc6c5bb1c9935b4df30fa8a158ee8c5e4a820ba17
SHA512
4778a91e500387ae37c27a81a9e9981c7366c79097f0b90a588b456df6fcb43e98583b8d9fe01139eb456406bc75c88e0e6ddbdf9f8d37aa4173efc9483739b9
SSDEEP
6144:XVfjmN9qml5a6EdkQxiUmRQColKGAOPQK2GwIgfx+qSfF0:F7+Uml5a6EdkQgUmR7G9QK3wJx+qSfF0
Malware Config
Signatures

Executes dropped EXE (2 IoCs)
pid | Process
3876 | Logo1_.exe
4884 | 05d6b69f9bf9b8bb18c855fcc6c5bb1c9935b4df30fa8a158ee8c5e4a820ba17.exe
Enumerates connected drives (3 TTPs, 21 IoCs)
Attempts to read the root path of hard drives other than the default C: drive.
description | ioc | Process
File opened (read-only) | \??\E: | Logo1_.exe
File opened (read-only) | \??\T: | Logo1_.exe
File opened (read-only) | \??\R: | Logo1_.exe
File opened (read-only) | \??\N: | Logo1_.exe
File opened (read-only) | \??\K: | Logo1_.exe
File opened (read-only) | \??\J: | Logo1_.exe
File opened (read-only) | \??\U: | Logo1_.exe
File opened (read-only) | \??\Q: | Logo1_.exe
File opened (read-only) | \??\P: | Logo1_.exe
File opened (read-only) | \??\O: | Logo1_.exe
File opened (read-only) | \??\I: | Logo1_.exe
File opened (read-only) | \??\G: | Logo1_.exe
File opened (read-only) | \??\X: | Logo1_.exe
File opened (read-only) | \??\V: | Logo1_.exe
File opened (read-only) | \??\M: | Logo1_.exe
File opened (read-only) | \??\L: | Logo1_.exe
File opened (read-only) | \??\H: | Logo1_.exe
File opened (read-only) | \??\Z: | Logo1_.exe
File opened (read-only) | \??\Y: | Logo1_.exe
File opened (read-only) | \??\W: | Logo1_.exe
File opened (read-only) | \??\S: | Logo1_.exe
Drops file in Program Files directory (64 IoCs)
description | ioc | Process
File created | C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Place\contrast-white\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files\Java\jdk-1.8\bin\javaw.exe | Logo1_.exe
File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\jabswitch.exe | Logo1_.exe
File created | C:\Program Files\Java\jdk-1.8\jre\bin\plugin2\_desktop.ini | Logo1_.exe
File created | C:\Program Files\Java\jdk-1.8\jre\lib\jfr\_desktop.ini | Logo1_.exe
File created | C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_neutral_split.scale-100_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\_desktop.ini | Logo1_.exe
File created | C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_2.34.28001.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\fi-fi\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\de-de\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\en-gb\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Windows Media Player\setup_wm.exe | Logo1_.exe
File opened for modification | C:\Program Files\Java\jre-1.8\lib\_desktop.ini | Logo1_.exe
File created | C:\Program Files\VideoLAN\VLC\locale\oc\LC_MESSAGES\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\he-il\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\nb-no\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\en-ae\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\ja-jp\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Mozilla Maintenance Service\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files\VideoLAN\VLC\locale\an\LC_MESSAGES\_desktop.ini | Logo1_.exe
File created | C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe\_desktop.ini | Logo1_.exe
File created | C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppxMetadata\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\en-ae\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\en-gb\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\hr-hr\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files\Windows Defender\it-IT\_desktop.ini | Logo1_.exe
File created | C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example1.Diagnostics\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\ca-es\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\ko-kr\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\uk-ua\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\nb-no\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\js\plugins\rhp\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\sl-si\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jdb.exe | Logo1_.exe
File opened for modification | C:\Program Files\VideoLAN\VLC\lua\meta\_desktop.ini | Logo1_.exe
File created | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagementSource\ja-JP\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\ar-ae\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\en-ae\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\pt-br\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\CMap\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\SupplementalDictionaries\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\js\nls\es-es\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagementSource\ja-JP\_desktop.ini | Logo1_.exe
File created | C:\Program Files\Java\jdk-1.8\jre\lib\cmm\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files\VideoLAN\VLC\locale\de\LC_MESSAGES\_desktop.ini | Logo1_.exe
File created | C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\AppxMetadata\_desktop.ini | Logo1_.exe
File created | C:\Program Files\WindowsApps\Microsoft.WindowsMaps_2019.716.2316.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\en-gb\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\fr-ma\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files\Java\jdk-1.8\bin\unpack200.exe | Logo1_.exe
File created | C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\be-BY\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\themes\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files-select\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\en-ae\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\it-it\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files\VideoLAN\VLC\locale\ku_IQ\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files\VideoLAN\VLC\locale\ms\LC_MESSAGES\_desktop.ini | Logo1_.exe
Drops file in Windows directory (4 IoCs)
description | ioc | Process
File created | C:\Windows\rundl132.exe | 05d6b69f9bf9b8bb18c855fcc6c5bb1c9935b4df30fa8a158ee8c5e4a820ba17.exe
File created | C:\Windows\Logo1_.exe | 05d6b69f9bf9b8bb18c855fcc6c5bb1c9935b4df30fa8a158ee8c5e4a820ba17.exe
File opened for modification | C:\Windows\rundl132.exe | Logo1_.exe
File created | C:\Windows\vDll.dll | Logo1_.exe
System Location Discovery: System Language Discovery (1 TTP, 6 IoCs)
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | net1.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | cmd.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | 05d6b69f9bf9b8bb18c855fcc6c5bb1c9935b4df30fa8a158ee8c5e4a820ba17.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | 05d6b69f9bf9b8bb18c855fcc6c5bb1c9935b4df30fa8a158ee8c5e4a820ba17.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | Logo1_.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | net.exe
Runs net.exe

Suspicious behavior: EnumeratesProcesses (20 IoCs)
pid | Process
3876 | Logo1_.exe (this same entry is recorded 20 times)

Suspicious use of WriteProcessMemory (17 IoCs)
description | pid | Process | procid_target
PID 5000 wrote to memory of 3008 | 5000 | 05d6b69f9bf9b8bb18c855fcc6c5bb1c9935b4df30fa8a158ee8c5e4a820ba17.exe | 84
PID 5000 wrote to memory of 3008 | 5000 | 05d6b69f9bf9b8bb18c855fcc6c5bb1c9935b4df30fa8a158ee8c5e4a820ba17.exe | 84
PID 5000 wrote to memory of 3008 | 5000 | 05d6b69f9bf9b8bb18c855fcc6c5bb1c9935b4df30fa8a158ee8c5e4a820ba17.exe | 84
PID 5000 wrote to memory of 3876 | 5000 | 05d6b69f9bf9b8bb18c855fcc6c5bb1c9935b4df30fa8a158ee8c5e4a820ba17.exe | 85
PID 5000 wrote to memory of 3876 | 5000 | 05d6b69f9bf9b8bb18c855fcc6c5bb1c9935b4df30fa8a158ee8c5e4a820ba17.exe | 85
PID 5000 wrote to memory of 3876 | 5000 | 05d6b69f9bf9b8bb18c855fcc6c5bb1c9935b4df30fa8a158ee8c5e4a820ba17.exe | 85
PID 3876 wrote to memory of 440 | 3876 | Logo1_.exe | 86
PID 3876 wrote to memory of 440 | 3876 | Logo1_.exe | 86
PID 3876 wrote to memory of 440 | 3876 | Logo1_.exe | 86
PID 440 wrote to memory of 3572 | 440 | net.exe | 89
PID 440 wrote to memory of 3572 | 440 | net.exe | 89
PID 440 wrote to memory of 3572 | 440 | net.exe | 89
PID 3008 wrote to memory of 4884 | 3008 | cmd.exe | 90
PID 3008 wrote to memory of 4884 | 3008 | cmd.exe | 90
PID 3008 wrote to memory of 4884 | 3008 | cmd.exe | 90
PID 3876 wrote to memory of 3476 | 3876 | Logo1_.exe | 56
PID 3876 wrote to memory of 3476 | 3876 | Logo1_.exe | 56
Processes

C:\Windows\Explorer.EXE (PID 3476)
    Command line: C:\Windows\Explorer.EXE

    C:\Users\Admin\AppData\Local\Temp\05d6b69f9bf9b8bb18c855fcc6c5bb1c9935b4df30fa8a158ee8c5e4a820ba17.exe (PID 5000)
        Command line: "C:\Users\Admin\AppData\Local\Temp\05d6b69f9bf9b8bb18c855fcc6c5bb1c9935b4df30fa8a158ee8c5e4a820ba17.exe"
        - Drops file in Windows directory
        - System Location Discovery: System Language Discovery
        - Suspicious use of WriteProcessMemory

        C:\Windows\SysWOW64\cmd.exe (PID 3008)
            Command line: C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a5F08.bat
            - System Location Discovery: System Language Discovery
            - Suspicious use of WriteProcessMemory

            C:\Users\Admin\AppData\Local\Temp\05d6b69f9bf9b8bb18c855fcc6c5bb1c9935b4df30fa8a158ee8c5e4a820ba17.exe (PID 4884)
                Command line: "C:\Users\Admin\AppData\Local\Temp\05d6b69f9bf9b8bb18c855fcc6c5bb1c9935b4df30fa8a158ee8c5e4a820ba17.exe"
                - Executes dropped EXE
                - System Location Discovery: System Language Discovery

        C:\Windows\Logo1_.exe (PID 3876)
            Command line: C:\Windows\Logo1_.exe
            - Executes dropped EXE
            - Enumerates connected drives
            - Drops file in Program Files directory
            - Drops file in Windows directory
            - System Location Discovery: System Language Discovery
            - Suspicious behavior: EnumeratesProcesses
            - Suspicious use of WriteProcessMemory

            C:\Windows\SysWOW64\net.exe (PID 440)
                Command line: net stop "Kingsoft AntiVirus Service"
                - System Location Discovery: System Language Discovery
                - Suspicious use of WriteProcessMemory

                C:\Windows\SysWOW64\net1.exe (PID 3572)
                    Command line: C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
                    - System Location Discovery: System Language Discovery
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
570KB
MD5
5afbbd16446b25aa166a2ccfb4dcdaf6
SHA1
d4087dd98b2663c56e403368c8b09ac099ce3d51
SHA256
9017aecf900febaebebc07d7415cf561c5c6a47e9a2b7e8b950f1d684b1169ad
SHA512
b9979cb2ae8b881ec26c171e0ce81ab9ff3552593a9525f79aea31eb650a6627df332e518d258f2a7ea5a72190e74df71a5366ed59b44d76e3e9054419c41672
-
C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe
Filesize
636KB
MD5
2500f702e2b9632127c14e4eaae5d424
SHA1
8726fef12958265214eeb58001c995629834b13a
SHA256
82e5b0001f025ca3b8409c98e4fb06c119c68de1e4ef60a156360cb4ef61d19c
SHA512
f420c62fa1f6897f51dd7a0f0e910fb54ad14d51973a2d4840eeea0448c860bf83493fb1c07be65f731efc39e19f8a99886c8cfd058cee482fe52d255a33a55c
-
Filesize
722B
MD5
60c93e0671c6e9e7e5c4053d512ed7ac
SHA1
ac3b5c598d6a9b03841a9f075ff0b8a58af4972d
SHA256
09589d64d9ee4da5f4aa64f3635c4c948b7047dd95b9f89183700bd44a611666
SHA512
92fd4e4b2296577e7fdb5e5ab1722f8d2629c883442e71e91d77f2333aef771bf152f43bd1c9937d057c130ccde959f1432d5e250fc6e4441c6e12a981121f83
-
C:\Users\Admin\AppData\Local\Temp\05d6b69f9bf9b8bb18c855fcc6c5bb1c9935b4df30fa8a158ee8c5e4a820ba17.exe.exe
Filesize
217KB
MD5
021c57c74de40f7c3b4fcf58a54d3649
SHA1
ef363ab45b6fe3dd5b768655adc4188aadf6b6fd
SHA256
04adf40ba58d0ab892091c188822191f2597bc47dab8b92423e8fc546dc437ef
SHA512
77e3bbb08c661285a49a66e8090a54f535727731c44b7253ea09ffe9548bae9d120ef38a67dfa8a5d8da170dde3e9c1928b96c64dfc07b7f67f93b478937c018
-
Filesize
26KB
MD5
37f152543d8008539dad08eeb5d12306
SHA1
a9eaff85ebd187b6169aa74ab3316c947cc042af
SHA256
95723cfa7a8be184cce6a1691fd5ac79937feb2688c1a67540678acd4da64411
SHA512
6a7e258652e65a8e80c8e55cb6621c609d4ccf2d5238e5fa3a00d9ca39733bc3925a3cc5a7227fd9f4e2b99a548325fd53e37296dfe460aa655ab038241a86f8
-
Filesize
9B
MD5
4a3bb7dd20666e6acdbbb0a30534552a
SHA1
9734039e7de3c663de70f65e731dc3426e73940c
SHA256
44b303f424240fd96e60c63ce757a0011734fd320fe031942712f1a1a083fd47
SHA512
8b20f7e731d617da7c6d7c1fe1b50424ce3edc58cbc7598b662f0db6e0a31dc92e2d1ecd56021fe43e035bd36e4edd9d3cb80f22afc224096cc3974396076f07