33364869f4ab87354624d3ea482e71397d79727753a7dc83fa8416f5daba6056

Analysis

max time kernel
149s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19-09-2024 19:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

33364869f4ab87354624d3ea482e71397d79727753a7dc83fa8416f5daba6056.exe
Size

160KB
MD5

0ec51b9dd23acc5d4de0cbff6e7725b2
SHA1

5a7e4a6dff4875097306b1b097c07c81f64c7654
SHA256

33364869f4ab87354624d3ea482e71397d79727753a7dc83fa8416f5daba6056
SHA512

1d3c2e883bae8057da9d018add7fb514f7f1579bda760eb833de5ecbe02cb9bd4ba73cd9df81c035f8cd99b1ee00e7c88ca697f8cddcd090604311d39d3906e8
SSDEEP

3072:pTgkuJVLi99djmMGWBgh1002J8emEu3T7TO+9Z9sTOVrZzxVxU:LuJKYWBW1Wu3rOOuOVr8

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
3840	Logo1_.exe
4772	33364869f4ab87354624d3ea482e71397d79727753a7dc83fa8416f5daba6056.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Diagnostics\Simple\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\ro-ro\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\sl-sl\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\eu-es\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Install\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\en-US\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Photo Viewer\de-DE\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\th-TH\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app-api\dev\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\images\themes\dark\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\sl-si\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\sv-se\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\es\_desktop.ini	Logo1_.exe
File created	C:\Program Files\7-Zip\Lang\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\ru\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\meta\reader\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\RTL\contrast-black\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Transit\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\zh-tw\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\cs-cz\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\cs-cz\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Office 15\ClientX64\IntegratedOffice.exe	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\meta\art\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\AppxMetadata\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\tr-tr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\zh-cn\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\rmiregistry.exe	Logo1_.exe
File opened for modification	C:\Program Files\Mozilla Firefox\crashreporter.exe	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\SplashScreen\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\fr-fr\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\ko-kr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\en-US\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\7-Zip\Uninstall.exe	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\cs-cz\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\nb-no\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\pl-pl\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\cookie_exporter.exe	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\tr-tr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\uninstall.exe	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\brx\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\pa\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\zh-cn\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\email\themes\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\or_IN\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Work\contrast-black\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\ca-es\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\sl-sl\_desktop.ini	Logo1_.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\el\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\HoloAssets\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\sl-si\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example2.Diagnostics\1.0.1\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\cs-cz\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\et\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\images\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\rundl132.exe	33364869f4ab87354624d3ea482e71397d79727753a7dc83fa8416f5daba6056.exe
File created	C:\Windows\Logo1_.exe	33364869f4ab87354624d3ea482e71397d79727753a7dc83fa8416f5daba6056.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\vDll.dll	Logo1_.exe

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	33364869f4ab87354624d3ea482e71397d79727753a7dc83fa8416f5daba6056.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Logo1_.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
3840	Logo1_.exe
3840	Logo1_.exe
3840	Logo1_.exe
3840	Logo1_.exe
3840	Logo1_.exe
3840	Logo1_.exe
3840	Logo1_.exe
3840	Logo1_.exe
3840	Logo1_.exe
3840	Logo1_.exe
3840	Logo1_.exe
3840	Logo1_.exe
3840	Logo1_.exe
3840	Logo1_.exe
3840	Logo1_.exe
3840	Logo1_.exe
3840	Logo1_.exe
3840	Logo1_.exe
3840	Logo1_.exe
3840	Logo1_.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4772	33364869f4ab87354624d3ea482e71397d79727753a7dc83fa8416f5daba6056.exe
4772	33364869f4ab87354624d3ea482e71397d79727753a7dc83fa8416f5daba6056.exe

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 4332 wrote to memory of 2844	4332	33364869f4ab87354624d3ea482e71397d79727753a7dc83fa8416f5daba6056.exe	83
PID 4332 wrote to memory of 2844	4332	33364869f4ab87354624d3ea482e71397d79727753a7dc83fa8416f5daba6056.exe	83
PID 4332 wrote to memory of 2844	4332	33364869f4ab87354624d3ea482e71397d79727753a7dc83fa8416f5daba6056.exe	83
PID 4332 wrote to memory of 3840	4332	33364869f4ab87354624d3ea482e71397d79727753a7dc83fa8416f5daba6056.exe	84
PID 4332 wrote to memory of 3840	4332	33364869f4ab87354624d3ea482e71397d79727753a7dc83fa8416f5daba6056.exe	84
PID 4332 wrote to memory of 3840	4332	33364869f4ab87354624d3ea482e71397d79727753a7dc83fa8416f5daba6056.exe	84
PID 3840 wrote to memory of 4516	3840	Logo1_.exe	85
PID 3840 wrote to memory of 4516	3840	Logo1_.exe	85
PID 3840 wrote to memory of 4516	3840	Logo1_.exe	85
PID 4516 wrote to memory of 4200	4516	net.exe	88
PID 4516 wrote to memory of 4200	4516	net.exe	88
PID 4516 wrote to memory of 4200	4516	net.exe	88
PID 2844 wrote to memory of 4772	2844	cmd.exe	89
PID 2844 wrote to memory of 4772	2844	cmd.exe	89
PID 3840 wrote to memory of 3420	3840	Logo1_.exe	56
PID 3840 wrote to memory of 3420	3840	Logo1_.exe	56

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3420
- C:\Users\Admin\AppData\Local\Temp\33364869f4ab87354624d3ea482e71397d79727753a7dc83fa8416f5daba6056.exe
  "C:\Users\Admin\AppData\Local\Temp\33364869f4ab87354624d3ea482e71397d79727753a7dc83fa8416f5daba6056.exe"
  2⤵
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:4332
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aBA47.bat
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:2844
  - - C:\Users\Admin\AppData\Local\Temp\33364869f4ab87354624d3ea482e71397d79727753a7dc83fa8416f5daba6056.exe
      "C:\Users\Admin\AppData\Local\Temp\33364869f4ab87354624d3ea482e71397d79727753a7dc83fa8416f5daba6056.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4772
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3840
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious use of WriteProcessMemory
      PID:4516
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4200

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe

Filesize
247KB

MD5
39f77f4bf41f3d1062fa8fe88ae0ac96

SHA1
28c26ed527b667140444e78da9aa28ac701c4655

SHA256
83ee7a1787cd3d526fce9c190f60de08f690b87a311640a3edd96f0c20d4f52a

SHA512
bd75b82865d35661deda19c09ae68b62aa738095088ca01fb38ac2dfe87ef36f5d88e4155b50ff9ff7105c0f608a46d7fe4fc058e945f2fed28ca0f07cb98220

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
573KB

MD5
7a309f6b6f27b64fd4a2e54329f7d5d3

SHA1
373365dfaab881b5a69cc1b146ccf374d0b8691b

SHA256
2358f0d6cbeda72d2511ad79449f3840dd09fca5ced6a40b6dbbfcb5058b10be

SHA512
44df9b6c082c8d1a1ffee59f38769cd7acf8b75f8640957a5c10127ba4fba625b79722eb6ecc4296618cdc921dcd882e4af6019f71595596c03e163fbbf9a0e8

Download Submit
C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe

Filesize
639KB

MD5
c8d281da4c32df16eef470c27c8cb459

SHA1
00efc9f6844bfaa37c264b6452c6a7356638ab10

SHA256
058c81e5a07f2c6c33cf28dff71d07ad8f179046108d945159957e891bfd9c62

SHA512
e3c79e19f620068f668d4ebaa5097f1a95a30dabb8dce75f3787171dddbea9f684fc7ce8d1011a398f38084d7af96dd1ff9a02d25906aab9b13861b8363d24bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$aBA47.bat

Filesize
722B

MD5
79abf2d59d4470e2eaf07a486fdfbe91

SHA1
c75646e84f39ba050e8e45e3fe8e5dd28749e389

SHA256
dc95de88abac58a24e5166147180142f56a3f8bc126c96bd99425c3d53eb7e84

SHA512
0d2689014a12e756a6a75d95e1484cf63a130d50b2c71f990008c4d6a143d8a7ceb3da991e189e03280bd0f4a0c833a1930392966e2f43bff5b8ec1ece4ebfb5

Download Submit
C:\Users\Admin\AppData\Local\Temp\33364869f4ab87354624d3ea482e71397d79727753a7dc83fa8416f5daba6056.exe.exe

Filesize
131KB

MD5
16438a96a8adb85472ca72da04701b29

SHA1
b1f5ee8bc083804de4de820255107f6541c84735

SHA256
9291cd97d2f1b119438f16e97ea75119f19fd959ec5414e84b337530d692e289

SHA512
58f659a29cb34245a261b7666b1cda4b76f2df1039f3713dda6ff5a97c33b4cc273b110d10b4131a6a5c13897efcfa9a5ef3031e0e5fb14db1adc0ac1ef25dcd

Download Submit
C:\Windows\Logo1_.exe

Filesize
29KB

MD5
266614ad6b767347ec5a54a3d233d117

SHA1
df820e937b640d5c87ed87cae5b472ced3ae380d

SHA256
4fce448ab6e2fe63c7fb3ace3da1099037eb8d73ffb6484f90660778ee13b086

SHA512
d7d506be66ee98edaa6a1e82fdffafab7d7654ce45f214d8ce1eb4bafcd67df46fd5fa4533632e6ea8b1be1406cc42d2584909eea454c07a22726a19257c7bed

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-523280732-2327480845-3730041215-1000\_desktop.ini

Filesize
9B

MD5
82fa69b12ac2df558c85e86426eb13eb

SHA1
ad90b8756e3bebe04450f6950419c761844d7b7e

SHA256
f7622a3740b818722e46a36b5aeb1c0ba6bec25bec811e3dcfe0b5ba1d728775

SHA512
3c4da39d3b0d68ade3ff8ded69bf1e78a1ef88f7ed70c85572ae06e6be78155ffc2f557f577208e579191be2d8be2a1fa833b9ca74a35bb69cf9c32c23f4d99f

Download Submit
memory/3840-27-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3840-33-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3840-37-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3840-20-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3840-488-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3840-1234-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3840-4785-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3840-11-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3840-5230-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4332-0-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4332-10-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download